Nice piece of work.
Just a small critique: you are logging invalid packets. Logging is very dangerous, as an attacker could easily DDoS your computer by sending enough invalid traffic to keep your hard drive busy. I would recommend making some "limit" rules about logging, to make sure you don't write more than, let's say, 1 invalid traffic entry per second?
Btw, your default policy for OUTPUT is DROP... are you sure this is right? I mean, you won't be able to reach the outside world from this box?! Or maybe I missed something...
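The rate-limited logging rule suggested above, next to the unlimited form and the explicit allow rules an OUTPUT DROP policy needs, as an added shell example (not code from the original post or the reviewed ruleset; the conntrack match, the 1/second rate, the burst of 5 and the DNS/HTTP(S) allow rules are assumptions):

```shell
#!/bin/sh
# Added example, not part of the original post or the reviewed ruleset.
# Assumes iptables with the conntrack, limit and LOG modules; applying the
# rules needs root. With DRY_RUN=1 the commands are printed, not executed.
set -e

IPT="${IPT:-iptables}"
LOG_RATE="${LOG_RATE:-1/second}"   # average rate of INVALID log lines allowed
LOG_BURST="${LOG_BURST:-5}"        # burst tolerated before the limit applies

# Run the given iptables command, or print it when dry-running.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# Weak form: every INVALID packet produces a kernel log line, so a flood of
# invalid packets becomes a flood of disk writes.
unlimited_invalid_logging() {
    ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "INVALID: "
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
}

# Hardened form: the LOG rule is gated by the limit match. Packets above the
# rate fall through to the DROP rule and are discarded without being logged.
limited_invalid_logging() {
    ipt -A INPUT -m conntrack --ctstate INVALID \
        -m limit --limit "$LOG_RATE" --limit-burst "$LOG_BURST" \
        -j LOG --log-prefix "INVALID: " --log-level warning
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
}

# A DROP policy on OUTPUT is only usable with explicit allow rules: loopback,
# replies to accepted traffic, and whichever new outbound services you need.
allow_outbound() {
    ipt -P OUTPUT DROP
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT  # DNS
    ipt -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
}

# Apply the hardened variants only when explicitly asked: ./firewall.sh apply
case "${1:-}" in
    apply) limited_invalid_logging; allow_outbound ;;
esac
```

Run with `DRY_RUN=1 sh firewall.sh apply` first to review the generated commands before applying them as root.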