diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 7eb3f1bcf27..a2bb16527f3 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -183,6 +183,20 @@ disable_rpfilter() {
 sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
 }
+disable_rpfilter_domR() {
+ log_it "cloud: disable rp_filter"
+ log_it "disable rpfilter"
+ sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
+ if [ "$DISABLE_RP_FILTER" == "true" ]
+ then
+ log_it "cloud: disable rp_filter : updating proc"
+ sed -i "s/net.ipv4.conf.eth2.rp_filter.*$/net.ipv4.conf.eth2.rp_filter = 0/" /etc/sysctl.conf
+ sed -i "s/net.ipv4.conf.eth3.rp_filter.*$/net.ipv4.conf.eth3.rp_filter = 0/" /etc/sysctl.conf
+ echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
+ echo "0" > /proc/sys/net/ipv4/conf/eth3/rp_filter
+ fi
+}
+
 enable_svc() {
 local svc=$1
 local enabled=$2
@@ -375,7 +389,7 @@ setup_router() {
 enable_svc haproxy 1
 enable_svc cloud-passwd-srvr 1
 enable_svc cloud 0
- disable_rpfilter
+ disable_rpfilter_domR
 enable_fwding 1
 chkconfig nfs-common off
 cp /etc/iptables/iptables-router /etc/iptables/rules
@@ -560,6 +574,7 @@ parse_cmd_line() {
 CMDLINE=$(cat /var/cache/cloud/cmdline)
 TYPE="unknown"
 BOOTPROTO="static"
+DISABLE_RP_FILTER="false"
 for i in $CMDLINE
 do
@@ -567,6 +582,9 @@ for i in $CMDLINE
 KEY=$(echo $i | cut -d= -f1)
 VALUE=$(echo $i | cut -d= -f2)
 case $KEY in
+ disable_rp_filter)
+ DISABLE_RP_FILTER=$VALUE
+ ;;
 eth0ip)
 ETH0_IP=$VALUE
 ;;
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index f2214464444..7e7e67f3d38 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
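Review bot: In `disable_rpfilter_domR` the `sed` that sets `net.ipv4.conf.default.rp_filter = 0` runs before the `if`, so a router booted without `disable_rp_filter=true` still has the default written as 0 in /etc/sysctl.conf; only the eth2/eth3 lines are gated by the flag. If the option is meant to let operators keep source-address validation, move that `sed` inside the `if`. The two `echo "0" > /proc/sys/net/ipv4/conf/ethN/rp_filter` writes fail when the interface does not exist at early-config time, so guard them, e.g. `[ -w /proc/sys/net/ipv4/conf/eth2/rp_filter ] && echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter`. The kernel applies the higher of `conf/all/rp_filter` and the per-interface value, so the per-interface 0 only takes effect if `all` is also 0, which this hunk does not show.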
@@ -62,6 +62,8 @@ public enum Config {
 NetworkLBHaproxyStatsUri("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.uri","/admin?stats","Load Balancer(haproxy) uri.",null),
 NetworkLBHaproxyStatsAuth("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.auth","admin1:AdMiN123","Load Balancer(haproxy) authetication string in the format username:password",null),
 NetworkLBHaproxyStatsPort("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.port","8081","Load Balancer(haproxy) stats port number.",null),
+ NetworkRouterRpFilter("Network", ManagementServer.class, Integer.class, "network.disable.rpfilter", "true", "disable rp_filter on Domain Router VM public interfaces.", null),
+
 GuestVlanBits("Network", ManagementServer.class, Integer.class, "guest.vlan.bits", "12", "The number of bits to reserve for the VLAN identifier in the guest subnet.", null),
 //MulticastThrottlingRate("Network", ManagementServer.class, Integer.class, "multicast.throttling.rate", "10", "Default multicast rate in megabits per second allowed.", null),
 NetworkThrottlingRate("Network", ManagementServer.class, Integer.class, "network.throttling.rate", "200", "Default data transfer rate in megabits per second allowed in network.", null),
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index fd7148c74a2..15dafc1f439 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
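Review bot: `NetworkRouterRpFilter` is declared with `Integer.class` while its default value is `"true"`, so the declared type and the value disagree; the type argument should be `Boolean.class`. The default is `"true"` both here and in the `schema-229to2210.sql` insert, so an upgraded installation appears to get reverse-path filtering turned off on router public interfaces without the operator opting in. Unless every deployment needs it, a default of `"false"` keeps the anti-spoofing check in place and leaves asymmetric-routing setups to enable the option explicitly. The description could also say what is given up, e.g. `"Disable rp_filter (reverse path source validation) on Domain Router VM public interfaces."`.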
@@ -313,6 +313,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 private ServiceOfferingVO _offering;
 private String trafficSentinelHostname;
 private String _dnsBasicZoneUpdates = "all";
+
+ private boolean _disable_rp_filter = false;
 ScheduledExecutorService _executor;
 ScheduledExecutorService _checkExecutor;
@@ -584,6 +586,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 _instance = "DEFAULT";
 }
+ String rpValue = configs.get("network.disable.rpfilter");
+ if (rpValue != null && rpValue.equalsIgnoreCase("true")) {
+ _disable_rp_filter = true;
+ }
+
 _dnsBasicZoneUpdates = String.valueOf(_configDao.getValue(Config.DnsBasicZoneUpdates.key()));
 s_logger.info("Router configurations: " + "ramsize=" + _routerRamSize);
@@ -1208,7 +1215,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 String type = null;
 String dhcpRange = null;
-
+ String rpFilter = " ";
 DataCenter dc = dest.getDataCenter();
 DataCenterVO dcVO = _dcDao.findById(dc.getId());
 _dcDao.loadDetails(dcVO);
@@ -1224,10 +1231,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 type = "dhcpsrvr";
 } else {
 type = "router";
+ if (_disable_rp_filter) {
+ rpFilter=" disable_rp_filter=true";
+ }
 }
 StringBuilder buf = profile.getBootArgsBuilder();
- buf.append(" template=domP type=" + type);
+ buf.append(" template=domP type=" + type+rpFilter);
 buf.append(" name=").append(profile.getHostName());
 boolean isRedundant = _configDao.getValue("network.redundantrouter").equals("true");
diff --git a/setup/db/db/schema-229to2210.sql b/setup/db/db/schema-229to2210.sql
index dab13dbff8f..2c44bbb3299 100644
--- a/setup/db/db/schema-229to2210.sql
+++ b/setup/db/db/schema-229to2210.sql
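Review bot: The lookup added in the `@@ -584,6 +586,11 @@` hunk uses the literal `"network.disable.rpfilter"`, while the statement right after it reads its key through `Config.DnsBasicZoneUpdates.key()`; `Config.NetworkRouterRpFilter.key()` would keep the key defined in one place. The flag is only ever set to true, so if this code runs again after the setting is changed to false the field stays on; `_disable_rp_filter = Boolean.parseBoolean(rpValue);` covers null, case and reset in one line. The enclosing method starts and ends outside the hunk.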
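Review bot: In the `@@ -1208,7 +1215,7 @@` and `@@ -1224,10 +1231,13 @@` hunks `rpFilter` starts as `" "` and is glued onto the `type=` argument, so the boot arguments carry a stray extra space whenever the option is off and the reader has to trace a local to see what is appended. Appending the argument directly is easier to follow: keep `buf.append(" template=domP type=" + type);` and add `if (_disable_rp_filter && "router".equals(type)) { buf.append(" disable_rp_filter=true"); }` after it, which removes the extra local. The enclosing method starts and ends outside these hunks.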
@@ -35,6 +35,7 @@ INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-serve
 INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.uri','/admin?stats','Load Balancer(haproxy) uri.');
 INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.auth','admin1:AdMiN123','Load Balancer(haproxy) authetication string in the format username:password');
 INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.port','8081','Load Balancer(haproxy) stats port number.');
+INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.disable.rpfilter','true','disable rp_filter on Domain Router VM public interfaces.');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'NetworkManager', 'use.external.dns', 'false', 'Bypass the cloudstack DHCP/DNS server vm name service, use zone external dns1 and dns2');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.enabled', 'false', 'Whether the load balancing service is enabled for basic zones');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.gc.interval.minutes', '120', 'Garbage collection interval to destroy unused ELB vms in minutes. Minimum of 5');