diff -Nru linux-2.4.20/Documentation/Configure.help linux-2.4.20-pom2patch/Documentation/Configure.help
--- linux-2.4.20/Documentation/Configure.help	2003-05-02 12:56:11.000000000 -0500
+++ linux-2.4.20-pom2patch/Documentation/Configure.help	2003-05-02 12:56:14.000000000 -0500
@@ -2738,6 +2738,18 @@
   Documentation/modules.txt.  If unsure, say `N'.
 
 
+REALM match support
+CONFIG_IP_NF_MATCH_REALM
+  This option adds a `realm' match, which allows you to use the realm
+  key from the routing subsytem inside iptables.
+
+  This match pretty much resembles the CONFIG_NET_CLS_ROUTE4 option 
+  in tc world.
+
+  If you want to compile it as a module, say M here and read
+  Documentation/modules.txt.  If unsure, say `N'.
+
+
 TOS match support
 CONFIG_IP_NF_MATCH_TOS
   TOS matching allows you to match packets based on the Type Of
diff -Nru linux-2.4.20/include/linux/netfilter_ipv4/ipt_realm.h linux-2.4.20-pom2patch/include/linux/netfilter_ipv4/ipt_realm.h
--- linux-2.4.20/include/linux/netfilter_ipv4/ipt_realm.h	1969-12-31 18:00:00.000000000 -0600
+++ linux-2.4.20-pom2patch/include/linux/netfilter_ipv4/ipt_realm.h	2003-05-02 12:56:13.000000000 -0500
@@ -0,0 +1,8 @@
+#ifndef _IPT_REALM_H
+#define _IPT_REALM_H
+
+struct ipt_realm_info {
+    unsigned long id, mask;
+    u_int8_t invert;
+};
+#endif /*_IPT_REALM_H*/
diff -Nru linux-2.4.20/net/ipv4/netfilter/Config.in linux-2.4.20-pom2patch/net/ipv4/netfilter/Config.in
--- linux-2.4.20/net/ipv4/netfilter/Config.in	2003-05-02 12:56:11.000000000 -0500
+++ linux-2.4.20-pom2patch/net/ipv4/netfilter/Config.in	2003-05-02 12:56:13.000000000 -0500
@@ -45,6 +45,7 @@
   dep_tristate '  TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES
   dep_tristate '  tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
   dep_tristate '  stealth match support' CONFIG_IP_NF_MATCH_STEALTH $CONFIG_IP_NF_IPTABLES
+  dep_tristate '  realm match support' CONFIG_IP_NF_MATCH_REALM $CONFIG_IP_NF_IPTABLES
   if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
     dep_tristate '  Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
   fi
diff -Nru linux-2.4.20/net/ipv4/netfilter/Makefile linux-2.4.20-pom2patch/net/ipv4/netfilter/Makefile
--- linux-2.4.20/net/ipv4/netfilter/Makefile	2003-05-02 12:56:11.000000000 -0500
+++ linux-2.4.20-pom2patch/net/ipv4/netfilter/Makefile	2003-05-02 12:56:14.000000000 -0500
@@ -93,6 +93,7 @@
 obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o
 obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
 obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o
+obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o
 
 # targets
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
diff -Nru linux-2.4.20/net/ipv4/netfilter/ipt_realm.c linux-2.4.20-pom2patch/net/ipv4/netfilter/ipt_realm.c
--- linux-2.4.20/net/ipv4/netfilter/ipt_realm.c	1969-12-31 18:00:00.000000000 -0600
+++ linux-2.4.20-pom2patch/net/ipv4/netfilter/ipt_realm.c	2003-05-02 12:56:13.000000000 -0500
@@ -0,0 +1,66 @@
+/* Kernel module to match realm from routing. */
+#include <linux/module.h>
+#include <net/ip.h>
+#include <net/route.h>
+#include <linux/skbuff.h>
+#include <linux/if_ether.h>
+
+#include <linux/netfilter_ipv4/ipt_realm.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+match(const struct sk_buff *skb,
+      const struct net_device *in,
+      const struct net_device *out,
+      const void *matchinfo,
+      int offset,
+      const void *hdr,
+      u_int16_t datalen,
+      int *hotdrop)
+{
+    struct dst_entry *dst;
+    u32 id;
+    const struct ipt_realm_info *info = matchinfo;
+    
+    if((dst = skb->dst) == NULL)
+         return 0;
+    id = dst->tclassid;
+
+    return (info->id == (id & info->mask)) ^ info->invert;
+}
+
+static int check(const char *tablename,
+                 const struct ipt_ip *ip,
+		 void *matchinfo,
+		 unsigned int matchsize,
+		 unsigned int hook_mask)
+{
+	if (hook_mask
+	    & ~((1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)| (1 << NF_IP_LOCAL_IN))) {
+		printk("ipt_realm: only valid for POST_ROUTING, LOCAL_OUT, LOCAL_IN or FORWARD.\n");
+		return 0;
+	}
+
+	if (matchsize != IPT_ALIGN(sizeof(struct ipt_realm_info)))
+		return 0;
+
+	return 1;
+}
+
+static struct ipt_match realm_match
+= { { NULL, NULL }, "realm", &match, &check, NULL, THIS_MODULE };
+
+static int __init init(void)
+{
+	return ipt_register_match(&realm_match);
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_match(&realm_match);
+}
+
+module_init(init);
+module_exit(fini);
