diff --git a/Shorewall/action.Broadcast b/Shorewall/action.Broadcast
index 3bc046232..7c85a0723 100644
--- a/Shorewall/action.Broadcast
+++ b/Shorewall/action.Broadcast
@@ -37,13 +37,15 @@ use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
 
-my $chainref           = get_action_chain;
 my ( $action, $audit ) = get_action_params( 2 );
+
+fatal_error "Invalid parameter ($audit) to action Broadcast"   if supplied $audit && $audit ne 'audit';
+fatal_error "Invalid parameter ($action) to action Broadcast"  unless $action =~ /^ACCEPT|DROP|REJECT$/;
+
+my $chainref           = get_action_chain;
 my ( $level, $tag )    = get_action_logging;
 my $target             = require_audit ( $action , $audit );
 
-fatal_error "Invalid parameter to action Broadcast"   if supplied $audit && $audit ne 'audit';
-
 if ( have_capability( 'ADDRTYPE' ) ) {
     if ( $level ne '' ) {
 	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type BROADCAST ';
diff --git a/Shorewall/action.Invalid b/Shorewall/action.Invalid
index 7f58e5d92..a8aabbbe8 100644
--- a/Shorewall/action.Invalid
+++ b/Shorewall/action.Invalid
@@ -37,13 +37,15 @@ use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
 
-my $chainref         = get_action_chain;
 my ( $action, $audit ) = get_action_params( 2 );
+
+fatal_error "Invalid parameter ($audit) to action Invalid"   if supplied $audit && $audit ne 'audit';
+fatal_error "Invalid parameter ($action) to action Invalid"  unless $action =~ /^ACCEPT|DROP|REJECT$/;
+
+my $chainref         = get_action_chain;
 my ( $level, $tag )  = get_action_logging;
 my $target           = require_audit ( $action , $audit );
 
-fatal_error "Invalid parameter to action Invalid"   if supplied $audit && $audit ne 'audit';
-
 log_rule_limit $level, $chainref, 'Invalid' , $action, '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
 add_jump $chainref , $target, 0, "$globals{STATEMATCH} INVALID ";
 
diff --git a/Shorewall/action.NotSyn b/Shorewall/action.NotSyn
index 9a5b49354..ae2226f16 100644
--- a/Shorewall/action.NotSyn
+++ b/Shorewall/action.NotSyn
@@ -37,13 +37,15 @@ use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
 
-my $chainref         = get_action_chain;
 my ( $action, $audit ) = get_action_params( 2 );
+
+fatal_error "Invalid parameter ($audit) to action NotSyn"   if supplied $audit && $audit ne 'audit';
+fatal_error "Invalid parameter ($action) to action NotSyn"  unless $action =~ /^ACCEPT|DROP|REJECT$/;
+
+my $chainref         = get_action_chain;
 my ( $level, $tag )  = get_action_logging;
 my $target           = require_audit ( $action , $audit );
 
-fatal_error "Invalid parameter to action NotSyn"   if supplied $audit && $audit ne 'audit';
-
 log_rule_limit $level, $chainref, 'NotSyn' , $action, '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
 add_jump $chainref , $target, 0, '-p 6 ! --syn ';