diff --git a/Shorewall/Macros/macro.allowInvalid b/Shorewall/Macros/macro.allowInvalid
deleted file mode 100644
index 14e76f96d..000000000
--- a/Shorewall/Macros/macro.allowInvalid
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Shorewall version 4 - allowInvalid
-#
-# /usr/share/shorewall/macro.allowInvalid
-#
-# This macro accepts packets in the INVALID conntrack state
-#
-###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
-# PORT(S) PORT(S) LIMIT GROUP
-Invalid(ACCEPT) - - -
diff --git a/Shorewall/Macros/macro.dropInvalid b/Shorewall/Macros/macro.dropInvalid
deleted file mode 100644
index bfcc221a5..000000000
--- a/Shorewall/Macros/macro.dropInvalid
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Shorewall version 4 - dropInvalid
-#
-# /usr/share/shorewall/macro.dropInvalid
-#
-# This macro drops packets in the INVALID conntrack state
-#
-###############################################################################
-#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
-# PORT(S) PORT(S) LIMIT GROUP
-Invalid(DROP) - - -
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index f7ff82688..882ba0713 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -252,9 +252,9 @@ sub initialize( $ ) {
 @columnstack = ();
 if ( $family == F_IPV4 ) {
- @builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn allowinUPnP forwardUPnP Limit/;
+ @builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP forwardUPnP Limit/;
 } else {
- @builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn/;
+ @builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid/;
 }
 }
@@ -1508,6 +1508,8 @@ sub dropNotSyn ( $$$$ ) {
 sub rejNotSyn ( $$$$ ) {
 my ($chainref, $level, $tag, $audit) = @_;
+ warning_message "rejNotSyn is deprecated in favor of NotSyn(REJECT)";
+
 my $target = 'REJECT --reject-with tcp-reset';
 if ( supplied $audit ) {
@@ -1518,6 +1520,28 @@ sub rejNotSyn ( $$$$ ) {
 add_ijump $chainref , j => $target, p => '6 ! --syn';
 }
+sub dropInvalid ( $$$$ ) {
+ my ($chainref, $level, $tag, $audit) = @_;
+
+ warning_message "dropInvalid is deprecated in favor of Invalid(DROP)";
+
+ my $target = require_audit( 'DROP', $audit );
+
+ log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
+ add_ijump $chainref , j => $target, state_imatch 'INVALID';
+}
+
+sub allowInvalid ( $$$$ ) {
+ my ($chainref, $level, $tag, $audit) = @_;
+
+ warning_message "allowInvalid is deprecated in favor of Invalid(ACCEPT)";
+
+ my $target = require_audit( 'ACCEPT', $audit );
+
+ log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
+ add_ijump $chainref , j => $target, state_imatch 'INVALID';
+}
+
 sub forwardUPnP ( $$$$ ) {
 my $chainref = set_optflags( 'forwardUPnP', DONT_OPTIMIZE );
@@ -1580,6 +1604,8 @@ my %builtinops = ( 'dropBcast' => \&dropBcast,
 'allowBcast' => \&allowBcast,
 'dropNotSyn' => \&dropNotSyn,
 'rejNotSyn' => \&rejNotSyn,
+ 'dropInvalid' => \&dropInvalid,
+ 'allowInvalid' => \&allowInvalid,
 'allowinUPnP' => \&allowinUPnP,
 'forwardUPnP' => \&forwardUPnP,
 'Limit' => \&Limit,
@@ -1833,7 +1859,7 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
 my $actiontype = $targets{$action} || find_macro( $action );
- fatal_error( "Invalid Action ($mtarget) in macro") unless $actiontype;
+ fatal_error( "Invalid Action ($mtarget) in macro") unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO + CHAIN );
 if ( $msource ) {
 if ( $msource eq '-' ) {
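Review bot: In the @@ -1518 hunk, dropInvalid and allowInvalid are copies of each other apart from the builtin name and the 'DROP'/'ACCEPT' disposition, so the INVALID state match, the log format string and the deprecation wording are now maintained in two places and can drift apart silently; a shared private helper keeps them in step (below). The helper is deliberately written without a `$`-prototype, since a `( $$$$$$ )` prototype would impose scalar context on each argument forwarded to it. Separately, `log_rule_limit` is handed the literal disposition while the jump target comes from `require_audit( 'DROP', $audit )`, so the logged disposition and the real target can differ when `$audit` is supplied; if that is intended, a one-line comment such as `# log the base disposition even when the target is its audit variant` would save the next reader a detour. The trailing context belongs to forwardUPnP, whose body continues outside the hunk.
```perl
# Shared body of the deprecated dropInvalid/allowInvalid builtins.
# $name is the builtin being invoked; $disposition is 'DROP' or 'ACCEPT'.
# No $-prototype here: it would force scalar context on the forwarded arguments.
sub _invalid_builtin {
    my ( $name, $disposition, $chainref, $level, $tag, $audit ) = @_;

    warning_message "$name is deprecated in favor of Invalid($disposition)";

    my $target = require_audit( $disposition, $audit );

    log_rule_limit $level, $chainref, $name, $disposition, '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
    add_ijump $chainref , j => $target, state_imatch 'INVALID';
}

sub dropInvalid ( $$$$ ) {
    my ( $chainref, $level, $tag, $audit ) = @_;
    return _invalid_builtin( 'dropInvalid', 'DROP', $chainref, $level, $tag, $audit );
}

sub allowInvalid ( $$$$ ) {
    my ( $chainref, $level, $tag, $audit ) = @_;
    return _invalid_builtin( 'allowInvalid', 'ACCEPT', $chainref, $level, $tag, $audit );
}
# … unchanged: forwardUPnP …
```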
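Review bot: In the @@ -1833 hunk the allowed-type mask on the fatal_error line is built with `+` ( `ACTION + STANDARD + NATRULE + MACRO + CHAIN` ); if those constants are distinct single-bit flags, which the hunk does not show, the sum happens to equal the bitwise OR, but `|` states the intent and stays correct should any constant ever carry more than one bit or be listed twice: `fatal_error( "Invalid Action ($mtarget) in macro") unless $actiontype & ( ACTION | STANDARD | NATRULE | MACRO | CHAIN );`. The message still says "Invalid Action" although the guard now also rejects known targets whose type is merely not permitted inside a macro, so a wording like `"Action ($mtarget) not allowed in macro"` would describe the new failure more accurately. process_macro starts and ends outside the hunk.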
diff --git a/Shorewall/actions.std b/Shorewall/actions.std
index 5cff4c8a4..860937a87 100644
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@@ -15,6 +15,10 @@
 # dropBcast # Silently Drop Broadcast/multicast
 # dropNotSyn # Silently Drop Non-syn TCP packets
 # rejNotSyn # Silently Reject Non-syn TCP packets
+# dropInvalid # Silently Drop packets that are in the INVALID
+# # conntrack state.
+# allowInvalid # Accept packets that are in the INVALID
+# # conntrack state.
 # allowoutUPnP # Allow traffic from local command 'upnpd' (does not
 # # work with kernel 2.6.14 and later).
 # allowinUPnP # Allow UPnP inbound (to firewall) traffic
diff --git a/Shorewall6/actions.std b/Shorewall6/actions.std
index 4d7d6cf35..d284ed22a 100644
--- a/Shorewall6/actions.std
+++ b/Shorewall6/actions.std
@@ -12,6 +12,10 @@
 # dropBcasts # Silently Drop multicast and anycast packets
 # dropNotSyn # Silently Drop Non-syn TCP packets
 # rejNotSyn # Silently Reject Non-syn TCP packets
+# dropInvalid # Silently Drop packets that are in the INVALID
+# # conntrack state.
+# allowInvalid # Accept packets that are in the INVALID
+# # conntrack state.
 #
 ###############################################################################
 #ACTION