--- tos.bak	2007-02-10 23:01:53.000000000 +0100
+++ tos	2007-02-25 14:53:59.000000000 +0100
@@ -43,7 +43,13 @@
 #				Minimize-Cost (2)
 #				Normal-Service (0)
 #
+#       MARK (Optional) If you wish to restrict this entry to packets
+#                       marked with a particular mark value.
+#                       mark/mask values are acceptable.
+#                       You can prepend "!" to the mark value to invert
+#                       the sense of this rule.
+#
 ###############################################################################
-#SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS
+#SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS	MARK
 #						PORTS	PORTS
 #LAST LINE -- Add your entries above -- DO NOT REMOVE
--- compiler.bak	2007-02-25 14:27:42.000000000 +0100
+++ compiler	2007-02-25 14:52:38.000000000 +0100
@@ -5616,6 +5616,15 @@
 
     protocol="${protocol:+-p $protocol}"
 
+    [ "x$mark" = x- ] && mark=
+    if [ -n "$mark" ]; then
+        if [ "$mark" = "${mark%!*}" ]; then
+            mark="-m mark --mark $mark"
+        else
+            mark="-m mark ! --mark ${mark#*!}"
+        fi
+    fi
+
     tos="-j TOS --set-tos $tos"
 
     case "$dstzone" in
@@ -5638,24 +5647,24 @@
 	case $srczone in
 	$FW)
 	    run_iptables2 -t mangle -A outtos \
-		$protocol $dest $dports $sports $tos
+		$protocol $dest $dports $sports $mark $tos
 	    ;;
 	all|ALL)
 	    run_iptables2 -t mangle -A outtos \
-		$protocol $dest $dports $sports $tos
+		$protocol $dest $dports $sports $mark $tos
 	    run_iptables2 -t mangle -A $chain \
-		$protocol $dest $dports $sports $tos
+		$protocol $dest $dports $sports $mark $tos
 	    ;;
 	*)
 	    if [ -n "$src" ]; then
 		run_iptables2 -t mangle -A $chain $src \
-		    $protocol $dest $dports $sports $tos
+		    $protocol $dest $dports $sports $mark $tos
 	    else
 		eval hosts=\$${srczone}_hosts
 
 		for host in $hosts; do
 		    run_iptables2 -t mangle -A $chain $(match_source $host) \
-			$protocol $dest $dports $sports $tos
+			$protocol $dest $dports $sports $mark $tos
 		done
 	    fi
 	    ;;
@@ -5686,8 +5695,8 @@
 	createmanglechain $chain
 	createmanglechain outtos
 
-	while read src dst protocol sport dport tos; do
-	    expandv src dst protocol sport dport tos
+	while read src dst protocol sport dport tos mark; do
+	    expandv src dst protocol sport dport tos mark
 	    rule="$(echo $src $dst $protocol $sport $dport $tos)"
 	    process_tos_rule
 	done < $TMP_DIR/tos