From 53fbd13005e936fb8f13b4a5c3762fad75390b4d Mon Sep 17 00:00:00 2001
From: Wiliel F <wilief@amazon.com>
Date: Mon, 14 Nov 2022 14:24:40 -0600
Subject: [PATCH] added warning in Access Control for IP Address conversion
 CIDR bypass on NLB (#2868)

---
 docs/guide/service/annotations.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/guide/service/annotations.md b/docs/guide/service/annotations.md
index 5b918b78d..a6433c841 100644
--- a/docs/guide/service/annotations.md
+++ b/docs/guide/service/annotations.md
@@ -415,6 +415,10 @@ Load balancer access can be controlled via following annotations:
         This annotation will be ignored in case preserve client IP is not enabled.
         - preserve client IP is disabled by default for `IP` targets
         - preserve client IP is enabled by default for `instance` targets
+    
+    !!!warning ""
+        Preserve client IP has no effect on traffic converted from IPv4 to IPv6 and on traffic converted from IPv6 to IPv4. The source IP of this type of traffic is always the private IP address of the Network Load Balancer.
+        - This could cause the clients that have their traffic converted to bypass the specified CIDRs that are allowed to access the NLB.
 
     !!!example
         ```