diff --git a/manifests/iptables.pp b/manifests/iptables.pp
index 068b03f877c4091c177cce358442e9cf3245550a..a6f5319f2d21e7ffc07374c3c8b1ab1af76f3977 100644
--- a/manifests/iptables.pp
+++ b/manifests/iptables.pp
@@ -8,6 +8,7 @@ class base::iptables {
         command     => '/usr/sbin/rebuild-iptables',
         refreshonly => true,
         require     => Package['stanford-server'],
+        path        => '/usr/bin',
         unless      => '[ -e /etc/no-iptables ]',
     }
 
diff --git a/manifests/iptables/rule.pp b/manifests/iptables/rule.pp
index d6f644f4bb8cb080b9bc0b514f3b2532b10fa47d..07ce39cdc59bc85005d1184dfc1be4962f13a5d0 100644
--- a/manifests/iptables/rule.pp
+++ b/manifests/iptables/rule.pp
@@ -17,7 +17,7 @@
 # Multiple ports, multiple sources, and multiple protocols can be specified.
 # If only one is given, the [] brackets are optional.  Description (optional)
 # is used to generate a comment at the top of the file and has no other
-# semantic meaning. 
+# semantic meaning.
 #
 # Protocol is required.  Source and port are optional; if omitted, connections
 # from any source or port are allowed.  Omitting source AND port is not
@@ -34,9 +34,12 @@ define base::iptables::rule(
     if ($source == '' and $port == '') {
         fail "Base::Iptables::Rule[$name] - you cannot omit both source and port"
     }
+
+    include base::iptables
+
     file { "/etc/iptables.d/${name}":
         ensure  => $ensure,
         content => template('base/iptables/rule.erb'),
         notify  => Exec['rebuild-iptables'],
     }
-}
\ No newline at end of file
+}