diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 02c317d..e1e9577 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2090,7 +2090,8 @@ sub require_audit($$;$) {
 
     my $target = 'A_' . $action;
 
-    fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
+    fatal_error "Invalid parameter ($audit)"  unless $audit eq 'audit';
+    fatal_error "Invalid paramater ($action)" unless $action =~ /^DROP|REJECT|ACCEPT$/;
 
     require_capability 'AUDIT_TARGET', 'audit', 's';
 
@@ -2618,8 +2619,8 @@ sub optimize_level8( $$$ ) {
     progress_message "\n Table $table pass $passes, $chains referenced user chains, level 8...";
 
     for my $chainref ( @chains ) {
-	my $digest = '|';
-	$digest .= ' |' . format_rule( $chainref, $_, 1 ) for @{$chainref->{rules}};
+	my $digest = '';
+	$digest .= '|' . format_rule( $chainref, $_, 1 ) for @{$chainref->{rules}};
 	$chainref->{digest} = $digest;
     }
 
diff --git a/Shorewall/action.Broadcast b/Shorewall/action.Broadcast
index 3bc0462..7c85a07 100644
--- a/Shorewall/action.Broadcast
+++ b/Shorewall/action.Broadcast
@@ -37,13 +37,15 @@ use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
 
-my $chainref           = get_action_chain;
 my ( $action, $audit ) = get_action_params( 2 );
+
+fatal_error "Invalid parameter ($audit) to action Broadcast"   if supplied $audit && $audit ne 'audit';
+fatal_error "Invalid parameter ($action) to action Broadcast"  unless $action =~ /^ACCEPT|DROP|REJECT$/;
+
+my $chainref           = get_action_chain;
 my ( $level, $tag )    = get_action_logging;
 my $target             = require_audit ( $action , $audit );
 
-fatal_error "Invalid parameter to action Broadcast"   if supplied $audit && $audit ne 'audit';
-
 if ( have_capability( 'ADDRTYPE' ) ) {
     if ( $level ne '' ) {
 	log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type BROADCAST ';
diff --git a/Shorewall/action.Invalid b/Shorewall/action.Invalid
index 7f58e5d..a8aabbb 100644
--- a/Shorewall/action.Invalid
+++ b/Shorewall/action.Invalid
@@ -37,13 +37,15 @@ use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
 
-my $chainref         = get_action_chain;
 my ( $action, $audit ) = get_action_params( 2 );
+
+fatal_error "Invalid parameter ($audit) to action Invalid"   if supplied $audit && $audit ne 'audit';
+fatal_error "Invalid parameter ($action) to action Invalid"  unless $action =~ /^ACCEPT|DROP|REJECT$/;
+
+my $chainref         = get_action_chain;
 my ( $level, $tag )  = get_action_logging;
 my $target           = require_audit ( $action , $audit );
 
-fatal_error "Invalid parameter to action Invalid"   if supplied $audit && $audit ne 'audit';
-
 log_rule_limit $level, $chainref, 'Invalid' , $action, '', $tag, 'add', "$globals{STATEMATCH} INVALID " if $level ne '';
 add_jump $chainref , $target, 0, "$globals{STATEMATCH} INVALID ";
 
diff --git a/Shorewall/action.NotSyn b/Shorewall/action.NotSyn
index 9a5b493..ae2226f 100644
--- a/Shorewall/action.NotSyn
+++ b/Shorewall/action.NotSyn
@@ -37,13 +37,15 @@ use Shorewall::IPAddrs;
 use Shorewall::Config;
 use Shorewall::Chains;
 
-my $chainref         = get_action_chain;
 my ( $action, $audit ) = get_action_params( 2 );
+
+fatal_error "Invalid parameter ($audit) to action NotSyn"   if supplied $audit && $audit ne 'audit';
+fatal_error "Invalid parameter ($action) to action NotSyn"  unless $action =~ /^ACCEPT|DROP|REJECT$/;
+
+my $chainref         = get_action_chain;
 my ( $level, $tag )  = get_action_logging;
 my $target           = require_audit ( $action , $audit );
 
-fatal_error "Invalid parameter to action NotSyn"   if supplied $audit && $audit ne 'audit';
-
 log_rule_limit $level, $chainref, 'NotSyn' , $action, '', $tag, 'add', '-p 6 ! --syn ' if $level ne '';
 add_jump $chainref , $target, 0, '-p 6 ! --syn ';