From 33e3aac2e94470b32ad67d1ddd527324e6066605 Mon Sep 17 00:00:00 2001 From: Laurence Date: Mon, 4 Aug 2025 11:07:55 +0100 Subject: [PATCH] enhance: add new iptables opts --- .../unversioned/bouncers/firewall.mdx | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/crowdsec-docs/unversioned/bouncers/firewall.mdx b/crowdsec-docs/unversioned/bouncers/firewall.mdx index 5072dfb47..f210d5a98 100644 --- a/crowdsec-docs/unversioned/bouncers/firewall.mdx +++ b/crowdsec-docs/unversioned/bouncers/firewall.mdx @@ -342,6 +342,11 @@ Skip verification of the API certificate, typical for self-signed certificates disable interacting with ipv6 chains/sets, defaults to `false` +### `disable_ipv4` +> `true` | `false` + +disable interacting with ipv4 chains/sets, defaults to `false` + ### `deny_action` > `DROP` | `REJECT` @@ -362,7 +367,7 @@ if logging is true, this sets the log prefix, defaults to "crowdsec: " ### `iptables_chains` > []string -specify a list of chains to insert rules +specify a list of chains to insert rules into both ipv4 and ipv6 ```yaml iptables_chains: @@ -375,6 +380,27 @@ iptables_chains: If you are using a dockerized application and allow remote connections to the exposed port, you need to add the `DOCKER-USER` chain to the list of chains. ::: +### `iptables_v4_chains` +> []string + +Specify a list of chains to insert rules into ipv4 only + +```yaml +iptables_v4_chains: + - INPUT + - DOCKER-USER +``` + +### `iptables_v6_chains` +> []string + +Specify a list of chains to insert rules into ipv6 only + +```yaml +iptables_v6_chains: + - INPUT +``` + ### `blacklists_ipv4` > string
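Review bot: In the first hunk, the new `disable_ipv4` entry does not say what happens when it is set to `true` together with the existing `disable_ipv6`. With both disabled there is no chain or set left to act on, so the text should state whether that combination is rejected as a configuration error or accepted silently. The description "disable interacting with ipv4 chains/sets" would also benefit from one sentence on the consequence: whether IPv4 decisions are then simply left unenforced by this bouncer.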
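Review bot: In the second hunk, the reworded `iptables_chains` description "specify a list of chains to insert rules into both ipv4 and ipv6" reads as if rules are inserted into the protocols rather than into the listed chains for each address family. Wording such as "list of chains into which rules are inserted, for both IPv4 and IPv6" is clearer. This line also stays lower-case while the descriptions added later in the patch for `iptables_v4_chains` and `iptables_v6_chains` begin with "Specify", so one style should be used throughout.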
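Review bot: In the third hunk, neither `iptables_v4_chains` nor `iptables_v6_chains` documents how it combines with `iptables_chains`: whether the per-family list is added to the common list or replaces it for that family, and what the default is when the option is unset. Please state this explicitly, since a reader who sets only `iptables_v4_chains` cannot tell from the text which chains receive IPv6 rules. Separately, the `iptables_v6_chains` example lists only `INPUT` while the admonition just above tells users of dockerized applications to add `DOCKER-USER`; a sentence explaining why the IPv6 example omits it would keep readers from copying a list that misses a chain they need.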