diff --git a/debian/changelog b/debian/changelog
index 2bf116a..2f7118b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+eofirewall (0.1-20110308.1) unstable; urgency=low
+
+ * Fix ! position
+
+ -- Jérôme Schneider Tue, 08 Mar 2011 11:43:41 +0100
+
 eofirewall (0.1-20110307.1) unstable; urgency=low
 * Initial release
diff --git a/firewall b/firewall
index 94131d2..2e1119d 100755
--- a/firewall
+++ b/firewall
@@ -44,7 +44,7 @@ forward_port()
 dest_port=$(echo $destination | cut -d ":" -f2)
 echo "+ Forward $port to $destination for protocol $proto"
- $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p $proto -s $source -d $dest_ip --dport $dest_port -m state ! --state INVALID -j ACCEPT
 $IPTABLES -t nat -A PREROUTING -i $WAN_INT -p $proto -s $source -d $IP --dport $port -j DNAT --to $destination
 }
@@ -76,12 +76,12 @@ start()
 $IPTABLES -A OUTPUT -o lo -j ACCEPT
 echo "+ Allow WAN outgoing traffic"
- $IPTABLES -A OUTPUT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A OUTPUT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
 $IPTABLES -A INPUT -i $WAN_INT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
 if [ $LAN == 1 ]; then
 echo "+ Allow WAN outgoing traffic from lan"
- $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
 $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
 echo "+ Allow local network"
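Review bot: The negated match on the new FORWARD rule in forward_port() (`-m state ! --state INVALID`) accepts every conntrack state other than INVALID, which includes UNTRACKED as well as NEW, ESTABLISHED and RELATED. For a rule that admits WAN traffic to a LAN host, listing the wanted states is easier to audit and does not pass packets that bypassed connection tracking: `-m state --state NEW,ESTABLISHED,RELATED`. The same negated form is used on the OUTPUT and FORWARD rules in the start() hunks at -76 and -89 and on the INPUT rule at -167. forward_port() starts outside the hunk.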
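Review bot: None of the `$IPTABLES` calls in the start() hunk at -76 has its exit status checked, so a rule that iptables rejects leaves the script running with a partial ruleset and only a message on stderr. Argument-order mistakes like the one corrected here are the kind of error that can surface that way, depending on the iptables version. Unless the script enables `set -e` outside the visible lines, consider failing loudly, for example `$IPTABLES -A OUTPUT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT || return 1`, or routing every call through a small wrapper that reports the failing rule. start() begins and ends outside the hunk, and the same applies to the hunks at -44, -89 and -167.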
@@ -89,7 +89,7 @@ start()
 $IPTABLES -A INPUT -i $LAN_INT -p all -j ACCEPT
 for ALLOW_INT in $ALLOW_INTS; do
 echo "+ Allow WAN outgoing traffic for interface $ALLOW_INT"
- $IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state ! --state INVALID -j ACCEPT
 $IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
 echo "+ Allow local network"
@@ -167,7 +167,7 @@ start()
 ports=$(echo $traffic | cut -d "-" -f3)
 for port in $(echo $ports | sed 's/,/ /g'); do
 echo "+ Open port $port to $source for protocol $proto"
- $IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state --state ! INVALID -j ACCEPT
+ $IPTABLES -A INPUT -i $WAN_INT -p $proto -s $source -d $IP --dport $port -m state ! --state INVALID -j ACCEPT
 done
 done
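Review bot: The new INPUT rule at -167 expands `$proto`, `$source`, `$IP` and `$port` unquoted, and the visible lines derive `$port` from `$traffic` with `cut` and `sed` without any validation. An entry containing whitespace or a glob character would be split into extra iptables arguments and could change what the rule matches; presumably the configuration is administrator-controlled, but a typo should not be able to alter the rule. Quote the expansions, `-p "$proto" -s "$source" -d "$IP" --dport "$port"`, and consider rejecting a `$port` that is not a number or numeric range before calling iptables. The enclosing loops in start() begin outside the hunk, and the rules in forward_port() at -44 have the same unquoted expansions.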