diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md
index fbd3bd0f9c680..659cbbfaaab2c 100644
--- a/charts/linkerd2-cni/README.md
+++ b/charts/linkerd2-cni/README.md
@@ -35,7 +35,7 @@ Kubernetes: `>=1.22.0-0`
 | image.version | string | `"v1.5.2"` | Tag for the CNI container Docker image |
 | imagePullSecrets | list | `[]` |  |
 | inboundProxyPort | int | `4143` | Inbound port for the proxy container |
-| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing |
+| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing. Allowed values are 'nft', 'legacy' and 'default'. They invoke 'iptables-nft', 'iptables-legacy' and 'iptables' commands respectively. The 'default' mode is targeted at RHEL, which ships with an nftables-based 'iptables' command. |
 | logLevel | string | `"info"` | Log level for the CNI plugin |
 | outboundProxyPort | int | `4140` | Outbound port for the proxy container |
 | podLabels | object | `{}` | Additional labels to add to all pods |
diff --git a/charts/linkerd2-cni/values.yaml b/charts/linkerd2-cni/values.yaml
index 01195dd3a1c20..861a120e355ad 100644
--- a/charts/linkerd2-cni/values.yaml
+++ b/charts/linkerd2-cni/values.yaml
@@ -28,7 +28,10 @@ destCNINetDir:    "/etc/cni/net.d"
 destCNIBinDir:    "/opt/cni/bin"
 # -- Configures the CNI plugin to use the -w flag for the iptables command
 useWaitFlag:      false
-# -- Variant of iptables that will be used to configure routing
+# -- Variant of iptables that will be used to configure routing. Allowed values
+# are 'nft', 'legacy' and 'default'. They invoke 'iptables-nft',
+# 'iptables-legacy' and 'iptables' commands respectively. The 'default' mode is
+# targeted at RHEL, which ships with an nftables-based 'iptables' command.
 iptablesMode: "legacy"
 # -- Disables adding IPv6 rules on top of IPv4 rules
 disableIPv6: true