Make the Invalid Drop rules uniform across sample files.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Samples/Universal/rules

@@ -13,6 +13,6 @@
 #SECTION ESTABLISHED
 #SECTION RELATED
 SECTION NEW
-
+Invalid(DROP)	net		$FW		tcp
 SSH(ACCEPT)	net		$FW
 Ping(ACCEPT)	net		$FW

Shorewall/Samples/one-interface/rules

@@ -18,6 +18,10 @@
 #SECTION RELATED
 SECTION NEW
 
+# Drop packets in the INVALID state
+
+Invalid(DROP)  net    	        $FW		tcp
+
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 
 Ping(DROP)	net		$FW

Shorewall/Samples/three-interfaces/rules

@@ -20,7 +20,7 @@ SECTION NEW
 
 #       Don't allow connection pickup from the net
 #
-Invalid(DROP)	net		all
+Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the Internet
 #

Shorewall/Samples/two-interfaces/rules

@@ -20,7 +20,7 @@ SECTION NEW
 
 #       Don't allow connection pickup from the net
 #
-Invalid(DROP)	net		all
+Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the network
 #

Shorewall6/Samples6/Universal/rules

@@ -14,5 +14,6 @@
 #SECTION RELATED
 SECTION NEW
 
+Invalid(DROP)	net		$FW		tcp
 SSH(ACCEPT)	net		$FW
 Ping(ACCEPT)	net		$FW

Shorewall6/Samples6/one-interface/rules

@@ -18,6 +18,10 @@
 #SECTION RELATED
 SECTION NEW
 
+# Drop packets in the INVALID state
+
+Invalid(DROP)  net    	        $FW		tcp
+
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 
 Ping(DROP)	net		$FW

Shorewall6/Samples6/three-interfaces/rules

@@ -20,7 +20,7 @@ SECTION NEW
 
 #       Don't allow connection pickup from the net
 #
-Invalid(DROP)	net		all
+Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the Internet
 #

Shorewall6/Samples6/two-interfaces/rules

@@ -20,7 +20,7 @@ SECTION NEW
 
 #       Don't allow connection pickup from the net
 #
-Invalid(DROP)	net		all
+Invalid(DROP)	net		all		tcp
 #
 #	Accept DNS connections from the firewall to the network
 #