diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
index 5e0d7d76d..9dfaabbb4 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
@@ -31,8 +31,8 @@
 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
 # calico_datastore: "etcd"
 
-# Choose Calico iptables backend: "Iptables" or "NFT"
-# calico_iptables_backend: "Iptables"
+# Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
+# calico_iptables_backend: "Legacy"
 
 # Use typha (only with kdd)
 # typha_enabled: false
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index 8f0e985cb..b8ed03393 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -56,8 +56,8 @@ calico_healthhost: "localhost"
 # Configure time in seconds that calico will wait for the iptables lock
 calico_iptables_lock_timeout_secs: 10
 
-# Choose Calico iptables backend: "Iptables" or "NFT" (FELIX_IPTABLESBACKEND)
-calico_iptables_backend: "Iptables"
+# Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
+calico_iptables_backend: "Legacy"
 
 # If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
 # * can-reach=DESTINATION