diff --git a/docs/calico.md b/docs/calico.md
index 937cc05d39a59e345bd1002303c6aec8b42aa0dd..ce9432cafcdcfd53236a0d95992afd5b33c6be8f 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -187,7 +187,7 @@ The inventory above will deploy the following topology assuming that calico's
 
 ### Optional : Define default endpoint to host action
 
-By default Calico blocks traffic from endpoints to the host itself by using an iptables DROP action. When using it in kubernetes the action has to be changed to RETURN (default in kubespray) or ACCEPT (see <https://github.com/projectcalico/felix/issues/660> and <https://github.com/projectcalico/calicoctl/issues/1389).> Otherwise all network packets from pods (with hostNetwork=False) to services endpoints (with hostNetwork=True) within the same node are dropped.
+By default Calico blocks traffic from endpoints to the host itself by using an iptables DROP action. When using it in kubernetes the action has to be changed to RETURN (default in kubespray) or ACCEPT (see <https://docs.tigera.io/calico/latest/network-policy/hosts/protect-hosts#control-default-behavior-of-workload-endpoint-to-host-traffic> ) Otherwise all network packets from pods (with hostNetwork=False) to services endpoints (with hostNetwork=True) within the same node are dropped.
 
 To re-define default action please set the following variable in your inventory: