There are cases where I want to change the iptables rapdily and reliably. But these cases don't really change any rule order. They only change just the IP addresses of a rule (or gang of rules).
Here's my idea. Designate some IP addresses for this special purpose, such as 0.1.X.Y where X.Y represents 65536 possible address objects. The address objects are stored in the kernel with a means for root or designated users to access them. There would be a /proc entry for this, with...