diff --git a/qbittorrent/iptables.sh b/qbittorrent/iptables.sh
index 0507731..e54230d 100644
--- a/qbittorrent/iptables.sh
+++ b/qbittorrent/iptables.sh
@@ -76,6 +76,20 @@ if [[ "${DEBUG}" == "true" ]]; then
 lsmod
 fi
 
+# check we have iptable_mangle, if so setup fwmark
+lsmod | grep iptable_mangle
+iptable_mangle_exit_code=$?
+
+if [[ $iptable_mangle_exit_code == 0 ]]; then
+ echo "[INFO] iptable_mangle support detected, adding fwmark for tables" | ts '%Y-%m-%d %H:%M:%.S'
+
+ # setup route for qBittorrent webui using set-mark to route traffic for port 8080 and 8999 to "${docker_interface}"
+ echo "8080 webui" >> /etc/iproute2/rt_tables
+ echo "8999 webui" >> /etc/iproute2/rt_tables
+ ip rule add fwmark 1 table webui
+ ip route add default via ${DEFAULT_GATEWAY} table webui
+fi
+
 # input iptable rules
 ###
 
@@ -141,6 +155,13 @@ iptables -A OUTPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j AC
 # accept output from vpn gateway
 iptables -A OUTPUT -o "${docker_interface}" -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT
 
+# if iptable mangle is available (kernel module) then use mark
+if [[ $iptable_mangle_exit_code == 0 ]]; then
+ # accept output from qBittorrent webui port - used for external access
+ iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1
+ iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1
+fi
+
 # accept output from qBittorrent webui port - used for lan access
 iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport 8080 -j ACCEPT
 iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport 8080 -j ACCEPT
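Review bot: The two `echo ... >> /etc/iproute2/rt_tables` lines append on every container start, so the file accumulates duplicate entries, and they register two different table ids (8080 and 8999) under the single name `webui` even though rt_tables ids are not ports; one id is enough and the write should be idempotent, e.g. `grep -q '^8080 webui$' /etc/iproute2/rt_tables || echo "8080 webui" >> /etc/iproute2/rt_tables`. The `ip route add default via ${DEFAULT_GATEWAY} table webui` line expands an unquoted, unchecked variable; quote it and assert it first, `: "${DEFAULT_GATEWAY:?must be set}"`, so a missing gateway fails loudly instead of installing a broken policy route. The detection `lsmod | grep iptable_mangle` also prints every matching module line to stdout and does not anchor the name; `lsmod | grep -q '^iptable_mangle '` keeps the same exit code without the noise, and the mangle table may be built into the kernel rather than loaded as a module, so a check against `iptables -t mangle -L -n` may be more reliable (inferred, not shown on the page). The `if` block and the `iptable_mangle_exit_code` variable are reused by the second hunk, so any rename here must be carried there too.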
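Review bot: The new `iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1` rule is not restricted to an interface or destination, so any locally initiated TCP connection to a remote host's port 8080 (a tracker or peer that happens to listen there) is marked and, via the `fwmark 1` policy route added in the first hunk, sent through the default gateway instead of the VPN tunnel. Only the `--sport 8080` rule is needed for webui replies to reach LAN clients, so I would drop the `--dport` rule or at least pin it to the local network, e.g. `iptables -t mangle -A OUTPUT -p tcp --dport 8080 -d "${docker_network_cidr}" -j MARK --set-mark 1`, mirroring how the filter rules below scope webui traffic with `-o "${docker_interface}"`. The comment `# accept output from qBittorrent webui port - used for external access` describes an ACCEPT rule but this is a MARK rule; `# mark webui replies so the fwmark policy route sends them via the LAN gateway rather than the tunnel` says what it actually does. Whether the rest of the script already drops unmarked non-tunnel output (which would limit the impact) is outside this hunk.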