diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
index f7d752db7e8..dcd49cb63d4 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
@@ -987,6 +987,12 @@ setup_router() {
   cp /etc/iptables/iptables-router /etc/iptables/rules
   setup_sshd $ETH1_IP "eth1"
   load_modules
+
+  #Only allow DNS service for current network
+  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
 }
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh b/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh
index cd273f69ad9..160bc5e887b 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh
@@ -60,6 +60,7 @@ setup_apache2() {
 var="$1"
 cert="/root/.ssh/id_rsa.cloud"
 config_ips=""
+setDnsRules=0
 while [ -n "$var" ]
 do
@@ -71,6 +72,7 @@ do
   setup_apache2 "$routerip"
   config_ips="${config_ips}"$routerip":"
   var=$( echo $var | sed "s/${var1}-//" )
+  setDnsRules=1
 done
 #restarting the apache server for the config to take effect.
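Review bot: The four `sed -i` lines in the cloud-early-config hunk interpolate `$DHCP_RANGE` and `$CIDR_SIZE` without checking that either is non-empty, so an unset value rewrites the DNS rules to `-s /24` or `-s <range>/` — a malformed match that, if these files are later fed to iptables-restore, would likely make the whole ruleset fail to load rather than just this one rule. The substitution is also a silent no-op when the rule text in `iptables-router` does not match the pattern byte-for-byte (e.g. no `-m udp`), which leaves port 53 open to all sources with nothing in the log; a one-line `grep -q -- "--dport 53 -s " /etc/iptables/rules || logger -t cloud-early-config "DNS rule not restricted"` after the rewrite would make that visible. The duplicated udp/tcp expressions and both target files can be folded into a single `sed -i -e … -e …` call guarded by the emptiness test, as below; `setup_router()` begins before this hunk.

```shell
  load_modules

  # Only allow DNS service for current network. Skip the rewrite when either
  # value is empty rather than writing a malformed "-s /" source match.
  if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then
    dns_src="-s $DHCP_RANGE\/$CIDR_SIZE"
    sed -i \
      -e "s/\(-A INPUT -i eth0 -p udp -m udp --dport 53\) -j ACCEPT/\1 $dns_src -j ACCEPT/g" \
      -e "s/\(-A INPUT -i eth0 -p tcp -m tcp --dport 53\) -j ACCEPT/\1 $dns_src -j ACCEPT/g" \
      /etc/iptables/rules.v4 /etc/iptables/rules
  fi
}
```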
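Review bot: `setDnsRules` (introduced at `@@ -60` and set at `@@ -71`) is the only camelCase variable in a script whose neighbours are `var`, `cert` and `config_ips`; `set_dns_rules=0` / `set_dns_rules=1` would match the file's convention, with the `-eq 1` test in the later hunk renamed to match. The flag is set unconditionally on every loop iteration, so a comment such as `# any alias processed => (re)build the dnsIpAlias_allow chain below` at the declaration would tell a reader why a boolean rather than a count is enough.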
@@ -95,6 +97,33 @@ then
 unlock_exit $result $lock $locked
 fi
+if [ "$setDnsRules" -eq 1 ]
+then
+  //check wether chain exist
+  iptables-save -t filter | grep 'dnsIpAlias_allow'
+
+  if [ $? -eq 0 ]
+  then
+    iptables -F dnsIpAlias_allow
+  else
+    //if not exist create it
+    iptables -N dnsIpAlias_allow
+    iptables -A INPUT -i eth0 -p tcp --dport 53 -j dnsIpAlias_allow
+    iptables -A INPUT -i eth0 -p udp --dport 53 -j dnsIpAlias_allow
+  fi
+
+  for cidr in $(ip addr | grep eth0 | grep inet | awk '{print $2}');
+  do
+    iptables -A dnsIpAlias_allow -i eth0 -p tcp --dport 53 -s $cidr -j ACCEPT
+    iptables -A dnsIpAlias_allow -i eth0 -p udp --dport 53 -s $cidr -j ACCEPT
+  done
+else
+  iptables -D INPUT -i eth0 -p tcp --dport 53 -j dnsIpAlias_allow
+  iptables -D INPUT -i eth0 -p udp --dport 53 -j dnsIpAlias_allow
+  iptables -X dnsIpAlias_allow
+fi
+
+
 #restaring the password service to enable it on the ip aliases
 /etc/init.d/cloud-passwd-srvr restart
 unlock_exit $? $lock $locked
\ No newline at end of file
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh b/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh
index 8b1491938a1..5c07028532d 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh
@@ -55,6 +55,8 @@ service apache2 restart
 releaseLockFile $lock $locked
+iptables -F dnsIpAlias_allow
+
 #recreating the active ip aliases
 /opt/cloud/bin/createIpAlias.sh $2
 unlock_exit $? $lock $locked
\ No newline at end of file
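Review bot: `//check wether chain exist` and `//if not exist create it` in the `@@ -95` hunk are not comments in sh — `//` is a path, so each line is executed as a command and fails with `//check: No such file or directory` on every run (and would abort the script outright if `set -e` were ever enabled); they should read `# check whether the chain exists` and `# if it does not exist, create it`. The existence test that follows also dumps every matching rule to stdout; `iptables-save -t filter | grep -q 'dnsIpAlias_allow'` keeps the exit status and drops the output. The `else` branch issues `iptables -D` and `-X` unconditionally, so on an invocation with no aliases and no chain yet it prints three errors that are then discarded, because `unlock_exit` reports the status of the `cloud-passwd-srvr restart` instead; wrapping the teardown in the same `grep -q` test would make it idempotent. The address discovery with `ip addr | grep eth0 | grep inet` is fragile and leaves `$cidr` unquoted; `ip -4 -o addr show dev eth0 | awk '{print $4}'` yields the same eth0 prefixes (including labelled aliases) without the string matching.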
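Review bot: `iptables -F dnsIpAlias_allow` in the deleteIpAlias.sh hunk runs unconditionally, so when no alias has ever been configured and the chain does not exist it prints `iptables: No chain/target/match by that name.` and the failure is lost, since the following `unlock_exit` reports createIpAlias.sh's status. Judging by the createIpAlias.sh hunk in this same commit, the flush also looks redundant: that script already flushes the chain when it exists and removes it when `$2` carries no aliases. Either drop the line or guard it, `iptables -S dnsIpAlias_allow >/dev/null 2>&1 && iptables -F dnsIpAlias_allow`, and note that it executes after `releaseLockFile`, outside the lock the rest of the script holds.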