diff --git a/salt/firewall/mgmt-gw.sh b/salt/firewall/mgmt-gw.sh
index c247a3f..a0c49ef 100644
--- a/salt/firewall/mgmt-gw.sh
+++ b/salt/firewall/mgmt-gw.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 IFACE=mgmt
 iptables -F FORWARD
 ip6tables -F FORWARD
diff --git a/salt/upstream/6to4-down b/salt/upstream/6to4-down
index 9f03887..6ffe301 100644
--- a/salt/upstream/6to4-down
+++ b/salt/upstream/6to4-down
@@ -1,3 +1,5 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 ip tunnel del 6to4
diff --git a/salt/upstream/6to4-up b/salt/upstream/6to4-up
index a450ae7..047e58b 100644
--- a/salt/upstream/6to4-up
+++ b/salt/upstream/6to4-up
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 INET=$(ip addr show dev {{ interface }} | \
     egrep -oe '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+' | \
     head -n 1)
diff --git a/salt/upstream/dyndns b/salt/upstream/dyndns
index df1699f..510c643 100644
--- a/salt/upstream/dyndns
+++ b/salt/upstream/dyndns
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 if [ "$IFACE" = "{{ interface }}" ]; then
    IP=`ip a| grep inet |grep $IFACE|awk '{print $2}'|sed -e 's#/.*##'`
 
diff --git a/salt/upstream/iptables b/salt/upstream/iptables
index 500134c..47100d7 100644
--- a/salt/upstream/iptables
+++ b/salt/upstream/iptables
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 if [ "$IFACE" = "{{ interface }}" ]; then
    iptables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$IFACE" -j DROP
diff --git a/salt/upstream/masquerade b/salt/upstream/masquerade
index 5722ba9..a059c4d 100644
--- a/salt/upstream/masquerade
+++ b/salt/upstream/masquerade
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 if [ "$IFACE" = "{{ interface }}" ]; then
    iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
 fi
diff --git a/salt/upstream/nat66 b/salt/upstream/nat66
index b6b4915..9d0e6b0 100644
--- a/salt/upstream/nat66
+++ b/salt/upstream/nat66
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 if [ "$IFACE" = "{{ interface }}" ]; then
    ip6tables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
 fi
diff --git a/salt/upstream/port-forwarding b/salt/upstream/port-forwarding
index bd9577f..f28cfc3 100644
--- a/salt/upstream/port-forwarding
+++ b/salt/upstream/port-forwarding
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 if [ "$IFACE" = "{{ interface }}" ]; then
 {%- for fwd in ports %}
    iptables -t nat -A PREROUTING -i {{ interface }} -p {{ fwd.proto }} --dport {{ fwd.port }} -j DNAT --to-destination {{ fwd.to }}
diff --git a/salt/upstream/shaping b/salt/upstream/shaping
index 220cb7f..a69816c 100644
--- a/salt/upstream/shaping
+++ b/salt/upstream/shaping
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
 if [ "$IFACE" = "{{ iface }}" ]; then
    tc qdisc del dev $IFACE root    2> /dev/null >  /dev/null
    tc qdisc add dev $IFACE root       handle  1   hfsc default 1