--- tos.orig	2007-04-26 10:58:59.000000000 +0200
+++ tos	2007-04-26 10:59:21.000000000 +0200
@@ -4,6 +4,6 @@
 # For information about entries in this file, type "man shorewall-tos"
 #
 ###############################################################################
-#SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS
+#SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS	MARK
 #						PORTS	PORTS
 #LAST LINE -- Add your entries above -- DO NOT REMOVE
--- manpages/shorewall-tos.5.orig	2007-04-02 01:45:18.000000000 +0200
+++ manpages/shorewall-tos.5	2007-04-26 11:00:38.000000000 +0200
@@ -55,6 +55,11 @@
         \fBtos\-minimize\-cost\fR (2)
         \fBtos\-normal\-service\fR (0)
 .fi
+.TP
+\fBMARK\fR (Optional) \(em [[\fB!\fR]\fImark\fR[\fB/\fR\fImasq\fR]]
+If you wish to restrict this entry to packets marked with a particular mark value.
+mark/mask values are acceptable.
+You can prepend "!" to the mark value to invert the sense of this rule.
 .SH FILES
 /etc/shorewall/tos
 .SH "SEE ALSO"
--- compiler.orig	2007-04-01 00:28:50.000000000 +0200
+++ compiler	2007-04-26 11:03:45.000000000 +0200
@@ -2937,6 +2937,15 @@
 
     protocol="${protocol:+-p $protocol}"
 
+    [ "x$mark" = x- ] && mark=
+    if [ -n "$mark" ]; then
+        if [ "$mark" = "${mark%!*}" ]; then
+            mark="-m mark --mark $mark"
+        else
+            mark="-m mark ! --mark ${mark#*!}"
+        fi
+    fi
+
     tos="-j TOS --set-tos $tos"
 
     case "$dstzone" in
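Review bot: The new MARK handling never checks what the column contains before it is spliced into the iptables arguments. `[ "$mark" = "${mark%!*}" ]` is true only when the value has no `!` anywhere, and `${mark#*!}` then discards everything up to the first `!`, so `0x1!0x2` is silently treated as `! --mark 0x2` and a bare `!` yields `--mark` with no value. Consider accepting `!` only as a prefix (`${mark#!}`) and rejecting anything that is not a value or value/mask pair, for example with a `case "${mark#!}" in ''|*[!0-9A-Fa-fxX/]*)` guard that reports the bad entry. The same applies to the next hunk, where `$mark` is expanded unquoted in every `run_iptables2` call, so whatever passes here becomes separate iptables arguments. The enclosing function starts and ends outside this hunk.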
@@ -2959,24 +2968,24 @@
 	case $srczone in
 	$FW)
 	    run_iptables2 -t mangle -A outtos \
-		$protocol $dest $dports $sports $tos
+		$protocol $dest $dports $sports $mark $tos
 	    ;;
 	all|ALL)
 	    run_iptables2 -t mangle -A outtos \
-		$protocol $dest $dports $sports $tos
+		$protocol $dest $dports $sports $mark $tos
 	    run_iptables2 -t mangle -A $chain \
-		$protocol $dest $dports $sports $tos
+		$protocol $dest $dports $sports $mark $tos
 	    ;;
 	*)
 	    if [ -n "$src" ]; then
 		run_iptables2 -t mangle -A $chain $src \
-		    $protocol $dest $dports $sports $tos
+		    $protocol $dest $dports $sports $mark $tos
 	    else
 		eval hosts=\$${srczone}_hosts
 
 		for host in $hosts; do
 		    run_iptables2 -t mangle -A $chain $(match_source $host) \
-			$protocol $dest $dports $sports $tos
+			$protocol $dest $dports $sports $mark $tos
 		done
 	    fi
 	    ;;
@@ -3008,8 +3017,8 @@
 	createmanglechain $chain
 	createmanglechain outtos
 
-	while read src dst protocol sport dport tos; do
-	    rule="$(echo $src $dst $protocol $sport $dport $tos)"
+	while read src dst protocol sport dport tos mark; do
+	    rule="$(echo $src $dst $protocol $sport $dport $tos $mark)"
 	    process_tos_rule
 	done < $TMP_DIR/tos
 
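Review bot: With `mark` now the last name given to `read`, any extra whitespace-separated fields on a tos line are absorbed into `$mark` instead of being rejected. The earlier hunks expand `$mark` unquoted into the `run_iptables2` arguments (presumably inside process_tos_rule, whose body is not fully visible), so a stray trailing column would reach iptables as additional options. A catch-all name makes this detectable: `while read src dst protocol sport dport tos mark extra; do`, followed by a check that `$extra` is empty before calling process_tos_rule. Before this change the remainder landed in `tos`, so the patch moves this behaviour rather than introducing it.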
