diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index f68c5833d..1ac5038e5 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -461,6 +461,7 @@ sub initialize( $ ) {
 DYNAMIC_BLACKLIST => undef,
 LOAD_HELPERS_ONLY => undef,
 REQUIRE_INTERFACE => undef,
+ FORWARD_CLEAR_MARK => undef,
 #
 # Packet Disposition
 #
@@ -582,6 +583,7 @@ sub initialize( $ ) {
 DYNAMIC_BLACKLIST => undef,
 LOAD_HELPERS_ONLY => undef,
 REQUIRE_INTERFACE => undef,
+ FORWARD_CLEAR_MARK => undef,
 #
 # Packet Disposition
 #
@@ -2952,6 +2954,9 @@ sub get_configuration( $ ) {
 default_yes_no 'OPTIMIZE_ACCOUNTING' , '';
 default_yes_no 'DYNAMIC_BLACKLIST' , 'Yes';
 default_yes_no 'REQUIRE_INTERFACE' , '';
+ default_yes_no 'FORWARD_CLEAR_MARK' , have_capability 'MARK' ? 'Yes' : '';
+
+ require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
 
 numeric_option 'TC_BITS', $config{WIDE_TC_MARKS} ? 14 : 8 , 0;
 numeric_option 'MASK_BITS', $config{WIDE_TC_MARKS} ? 16 : 8, $config{TC_BITS};
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 9ab530e2d..7ef6a9e81 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -1383,7 +1383,7 @@ sub setup_tc() {
 add_jump $mangle_table->{OUTPUT} , 'tcout', 0, $mark_part;
 
 if ( have_capability( 'MANGLE_FORWARD' ) ) {
- add_rule( $mangle_table->{FORWARD}, '-j MARK --set-mark 0' ) if have_capability 'MARK';
+ add_rule( $mangle_table->{FORWARD}, '-j MARK --set-mark 0' ) if $config{FORWARD_CLEAR_MARK};
 add_jump $mangle_table->{FORWARD} , 'tcfor', 0;
 add_jump $mangle_table->{POSTROUTING} , 'tcpost', 0;
 }
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 57c93ec9a..1608714ff 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
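Review bot: The description handed to require_capability in the get_configuration hunk is misspelled, `'FOREWARD_CLEAR_MARK=Yes'`, so the fatal message a user sees when MARK support is missing names an option that does not exist; the line should read `require_capability 'MARK', 'FORWARD_CLEAR_MARK=Yes', 's' if $config{FORWARD_CLEAR_MARK};`, which also drops the stray comma before `if`. The default expression `have_capability 'MARK' ? 'Yes' : ''` only binds as intended if have_capability is declared with a `( $ )` prototype like the subs in this hunk's headers; without one Perl would parse it as `have_capability('MARK' ? 'Yes' : '')`, so the parenthesised form Tc.pm already uses, `have_capability( 'MARK' ) ? 'Yes' : ''`, is the safer spelling. The same commit's changelog, release notes and both manpage entries call the option CLEAR_FORWARD_MARK (the manpage text mixes both spellings) while the %config key is FORWARD_CLEAR_MARK, so an administrator copying the documented name into shorewall.conf would change nothing. get_configuration continues outside the hunk.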
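Review bot: The rewritten add_rule line in setup_tc now silently emits nothing when FORWARD_CLEAR_MARK is off, and nothing in the hunk says what the rule is for or what changes for the chains that follow; a comment above it would help, e.g. `# FORWARD_CLEAR_MARK=Yes: reset the mark so tcfor starts from 0; with No, marks set in mangle PREROUTING are still present here and any mark matches in tcfor will see them`. The explicit `have_capability 'MARK'` guard is gone from this line, so the rule's correctness now rests on get_configuration refusing FORWARD_CLEAR_MARK=Yes when the MARK capability is absent; that holds only if require_capability is fatal, which cannot be confirmed from this hunk. setup_tc continues outside the hunk.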
@@ -18,6 +18,8 @@ Changes in Shorewall 4.4.11 8) Make find_hosts_by_option() work correctly where ALL_IP appears in hosts file. +9) Add CLEAR_FORWARD_MARK option. + Changes in Shorewall 4.4.10 1) Fix regression with scripts. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 564fdb874..a1c9d47cd 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -278,6 +278,15 @@ None. See http://www.shorewall.net/Vserver.html for details. +2) A new CLEAR_FORWARD_MARK option has been added to shorewall.conf + and shorewall6.conf. + + Traditionally, Shorewall has cleared the packet mark in the first + rule in the mangle FORWARD chain. This behavior is maintained with + the default setting (CLEAR_FORWARD_MARK=Yes). If the new option is + set to No, packet marks set in the PREROUTING chain are retained in + the FORWARD chains. + ---------------------------------------------------------------------------- V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S I N P R I O R R E L E A S E S diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 729afded8..72b0afc96 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml @@ -562,6 +562,20 @@ net all DROP infothen the chain name is 'net2all' + + FORWARD_CLEAR_MARK={Yes|No} + + + Added in Shorewall 4.4.11 Beta 3. Traditionally, Shorewall has + cleared the packet mark in the first rule in the mangle FORWARD + chain. This behavior is maintained with the default setting of this + option (CLEAR_FORWARD_MARK=Yes). If FORWARD_CLEAR_MARK is set to + 'No', packet marks set in the mangle PREROUTING chain are retained + in the FORWARD chains. + + + HIGH_ROUTE_MARKS={Yes|No} diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index 193d9102b..dbab2cc7d 100644 --- a/manpages6/shorewall6.conf.xml +++ b/manpages6/shorewall6.conf.xml 
@@ -477,6 +477,20 @@ net all DROP infothen the chain name is 'net2all' + + FORWARD_CLEAR_MARK={Yes|No} + + + Added in Shorewall 4.4.11 Beta 3. Traditionally, Shorewall has + cleared the packet mark in the first rule in the mangle FORWARD + chain. This behavior is maintained with the default setting of this + option (CLEAR_FORWARD_MARK=Yes). If FORWARD_CLEAR_MARK is set to + 'No', packet marks set in the mangle PREROUTING chain are retained + in the FORWARD chains. + + + HIGH_ROUTE_MARKS={Yes|No}