I wonder, why is "Drop invalid" necessary in input chain?
In the end of the input chain there is "Drop all". Should it take care of "invalid"?
Some firewall rule sets follow "drop not needed" rather than "allow only needed" philosophy ... and in this case "drop invalid" rule is strictly necessary. IMO "allow only needed" approach is much safer in most cases, in case of some more liberal ISPs the "drop not needed" for forward chain can be better ... But it does show that mixing recipes that might follow different philosophies (or are confused already) can lead to confusing firewall rule set.
Psychological reasons aside, "drop invalid" rule early in the chain can strenghten firewall because this way invalid packets that would otherwise be accepted by other rules are dropped anyway.
Consider a (trivial) case where firewall rules allow ssh connection to router (can be via management interface even) ... some atacker might start sending packets targeting TCP port 22 but that are otherwise invalid (i.e. initial packet is not strictly SYN packet or it's segment number is out of sync with ongoing SSH connection). Those packets are invalid as per connection tracking state, but without early "drop invalid" they would still be delivered to ssh service of ROS potentially affecting its functioning and/or performance.