diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm
index d5e075d9b..487165626 100644
--- a/New/Shorewall/Chains.pm
+++ b/New/Shorewall/Chains.pm
@@ -84,6 +84,7 @@ our @EXPORT = qw( STANDARD
 		  do_test
 		  do_ratelimit
 		  do_user
+		  do_tos
 		  iprange_match
 		  match_source_net
 		  match_dest_net
@@ -805,6 +806,15 @@ sub do_user( $ ) {
 
     $rule;
 }
+
+#
+# Create a "-m tos" match for the passed TOS[/MASK]
+#
+sub do_tos( $ ) {
+    my $tos = $_[0];
+
+    $tos && $tos ne '-' ? "-m tos --tos $tos " : '';
+}    
 	
 #
 # Avoid generating a second '-m iprange' in a single rule.
diff --git a/New/Shorewall/Tc.pm b/New/Shorewall/Tc.pm
index 1bceebb29..f5bad8177 100644
--- a/New/Shorewall/Tc.pm
+++ b/New/Shorewall/Tc.pm
@@ -207,7 +207,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
     expand_rule 
 	ensure_chain( 'mangle' , $chain ) ,
 	NO_RESTRICT ,
-	do_proto( $proto, $ports, $sports) . do_test( $testval, $mask ) ,
+	do_proto( $proto, $ports, $sports) . do_test( $testval, $mask ) . do_tos( $tos ) ,
 	$source ,
 	$dest ,
 	'' ,