From 06c34d8de4e34963774fc3621618176baa8d63f3 Mon Sep 17 00:00:00 2001 From: Doruk Ardahan <35905596+dorukardahan@users.noreply.github.com> Date: Thu, 26 Feb 2026 18:45:42 +0300 Subject: [PATCH] docs(security): clarify iptables-nft backend mapping --- docs/gateway/security/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 03959f5d446..bb9abd16036 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md @@ -638,6 +638,8 @@ chains, not only host `INPUT` rules. To keep Docker traffic aligned with your firewall policy, enforce rules in `DOCKER-USER` (this chain is evaluated before Docker's own accept rules). +On many modern distros, `iptables`/`ip6tables` use the `iptables-nft` frontend +and still apply these rules to the nftables backend. Minimal allowlist example (IPv4):
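Review bot: The added sentence after the `DOCKER-USER` paragraph tells the reader that rules "still apply" under `iptables-nft`, but gives no way to confirm which backend the host is actually using, and it does not cover the case where the two backends are mixed. Consider adding that `iptables --version` reports `(nf_tables)` or `(legacy)`, and that `DOCKER-USER` rules must be inserted with the same variant Docker itself uses, since rules written through `iptables-legacy` land in a separate ruleset from those written through `iptables-nft`. The wording "apply these rules to the nftables backend" is also a little loose: something like "these commands are translated into nftables rules, so the `DOCKER-USER` guidance is unchanged" would make the point clearer. Finally, the sentence names `ip6tables` while the example that follows is labelled IPv4 only, so a short pointer on whether the same allowlist needs to be repeated for IPv6 would help.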