diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index f64b5341d..6b689e043 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -14,7 +14,7 @@ Changes in 4.1.2
 7) Tighten up HIGH_ROUTE_MARKS in the OUTPUT chain.
-8) Tweak 'track'.
+8) Add 'nomarks' OPTION to tcdevices.
 Changes in 4.1.1
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index b060b5ba9..cf3891eb4 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -151,6 +151,46 @@ Other changes in Shorewall 4.1.2.
 b) After the -v and -q options are applied, the resulting value is adjusted to fall within the range -1 through 2.
+4) The tcdevices file has been extended to include an OPTIONS
+ column. Currently only a single option is defined.
+
+ classify When specified, you must use explicit CLASSIFY tcrules
+ to classify traffic by class. Shorewall will not create
+ any CLASSIFY rules to classify traffic by mark value.
+
+ The 'classify' option should be specified when you want to do all
+ classification using CLASSIFY tcrules. Because CLASSIFY is not a
+ terminating target, every packet passes through all CLASSIFY
+ rules. 'classify' can prevent packets from having to pass through
+ useless additional rules.
+
+ Example:
+
+ /etc/shorewall/tcdevices
+
+ #INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
+ $EXT_IF 1300kbit 384kbit classify
+
+ /etc/shorewall/tcclasses
+
+ #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
+ $EXT_IF 10 5*full/10 full 1 tcp-ack,tos-minimize-delay
+ $EXT_IF 20 2*full/10 6*full/10 2 default
+ $EXT_IF 30 2*full/10 6*full/10 3
+
+ /etc/shorewall/tcrules
+
+ #MARK SOURCE DEST PROTO PORT(S) SOURCE
+ # PORT(S)
+ 1:110 192.168.0.0/22 $EXT_IF
+ 1:130 206.124.146.177 $EXT_IF tcp - 873
+
+ This example shows my own simple traffic shaping configuration. I
+ have three classes; one for traffic from our local network, one for
+ rsync from the master shorewall.net server, and one for all other
+ DMZ traffic. I use CLASSIFY rules to assign traffic to the first
+ and third class and let the rest default to the second class.
+
 Migration Issues.
 1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
diff --git a/Shorewall-common/tcdevices b/Shorewall-common/tcdevices
index f38530542..ae65e7611 100644
--- a/Shorewall-common/tcdevices
+++ b/Shorewall-common/tcdevices
@@ -6,5 +6,5 @@
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #
 ###############################################################################
-#INTERFACE IN-BANDWITH OUT-BANDWIDTH
+#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm
index c37728175..1398af88d 100644
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@@ -318,8 +318,8 @@ sub calculate_quantum( $$ ) {
 int( ( $rate * 125 ) / $r2q );
 }
-sub validate_tc_device( $$$ ) {
- my ( $device, $inband, $outband ) = @_;
+sub validate_tc_device( $$$$ ) {
+ my ( $device, $inband, $outband , $options ) = @_;
 fatal_error "Duplicate device ($device)" if $tcdevices{$device};
 fatal_error "Invalid device name ($device)" if $device =~ /[:+]/;
@@ -327,6 +327,17 @@ sub validate_tc_device( $$$ ) {
 $tcdevices{$device} = {};
 $tcdevices{$device}{in_bandwidth} = rate_to_kbit( $inband ) . 'kbit';
 $tcdevices{$device}{out_bandwidth} = rate_to_kbit( $outband ) . 'kbit';
+ $tcdevices{$device}{classify} = 0;
+
+ if ( $options ne '-' ) {
+ for my $option ( split /,/, $options ) {
+ if ( $option eq 'classify' ) {
+ $tcdevices{$device}{classify} = 1;
+ } else {
+ fatal_error "Unknown device option ($option)";
+ }
+ }
+ }
 push @tcdevices, $device;
@@ -412,10 +423,10 @@ sub setup_traffic_shaping() {
 while ( read_a_line ) {
- my ( $device, $inband, $outband ) = split_line 3, 3, 'tcdevices';
+ my ( $device, $inband, $outband, $options ) = split_line 3, 4, 'tcdevices';
 fatal_error "Invalid tcdevices entry" if $outband eq '-';
- validate_tc_device( $device, $inband, $outband );
+ validate_tc_device( $device, $inband, $outband , $options );
 }
 }
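Review bot: The option name this commit records in its changelog entry ('nomarks') does not match what the new code accepts: the option loop in the next hunk recognises only 'classify', and the release notes document 'classify' too, so either the changelog line should read `8) Add 'classify' OPTION to tcdevices.` or the code and notes should follow the changelog. A small point of style on the new signature line: `my ( $device, $inband, $outband , $options ) = @_;` has a stray space before the last comma, and the same appears in the validate_tc_device call in the setup_traffic_shaping hunk; `my ( $device, $inband, $outband, $options ) = @_;` matches the surrounding code. The body of validate_tc_device continues past this hunk.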
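Review bot: The new option parsing carries no comment saying what the `classify` flag means to the rest of the module; I would put `# 'classify': the administrator classifies traffic with explicit CLASSIFY tcrules, so no fw-mark filter or mark-based CLASSIFY rule is generated for this device's classes` above `$tcdevices{$device}{classify} = 0;`. The `$options ne '-'` test assumes an omitted fourth column arrives as the literal '-'; that depends on split_line (called with `3, 4` in the setup_traffic_shaping hunk below) padding missing columns with '-' rather than undef, which this diff does not show — with undef the comparison would only warn under `use warnings` and the empty split would do nothing, but it is worth confirming. An empty element from a leading or doubled comma reaches fatal_error as `Unknown device option ()`, which fails closed but reads oddly; `next unless length $option;` before the `if` would make the message only appear for real typos. Rejecting unknown options with fatal_error rather than ignoring them is the right default for a configuration value.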
@@ -510,10 +521,12 @@ sub setup_traffic_shaping() {
 #
 # add filters
 #
- if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
- push @deferred_rules, match_dest_dev( $device ) . "-m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
- } else {
- emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
+ unless ( $devref->{classify} ) {
+ if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
+ push @deferred_rules, match_dest_dev( $device ) . "-m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
+ } else {
+ emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
+ }
 }
 #
 #options
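Review bot: The new `unless ( $devref->{classify} )` guard skips both the deferred CLASSIFY rule and the `run_tc filter add` without saying why, so a one-line comment such as `# with the 'classify' device option the administrator supplies explicit CLASSIFY tcrules, so no mark-based filter is emitted for this class` would spare the next reader a trip to the release notes. It also appears (hedged, since the MARK parsing is outside this hunk) that when the option is set the class's mark value is still accepted but never used to steer traffic, so a class that no CLASSIFY tcrule names becomes reachable only through the default class; that consequence deserves a sentence in the comment or in the release-notes entry. The enclosing setup_traffic_shaping loop starts and ends outside this hunk.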