Also:
"Meh... I haven't hand-coded an IPTables rule-set in years now."
Take a look at tools such as Shorewall, which will process a specifications-file and issue(!) the commands necessary to implement that firewall. It is, in other words, a "DWIW = Do What I Want" tool.
To me, the rather-enormous advantage of this approach is that the tool's configuration-files specify "what you want," leaving it up to the tool itself "to achieve that." (Such that, if it fails to do so, that's merely "a bug.")
This is vastly easier than trying to deal with command-scripts which may-or-may-not "accomplish your intentions" successfully, and which in any case do not describe what "your intentions" actually are.
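
To make the "specify what you want" point concrete, here is a minimal Shorewall specification for a single-interface host, added as an illustration and not taken from the post. The interface name `eth0`, the zone name `net` and the choice of services are assumptions; each section below is a separate file under `/etc/shorewall/`.

```conf
# --- /etc/shorewall/zones ---
# Name the parties: the firewall host itself and everything else.
#ZONE   TYPE
fw      firewall
net     ipv4

# --- /etc/shorewall/interfaces ---
# Bind the "net" zone to the (assumed) interface eth0.
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter

# --- /etc/shorewall/policy ---
# Default stance per zone pair. This is the stated intent:
# the host may talk out, nothing unsolicited comes in.
#SOURCE DEST    POLICY  LOGLEVEL
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# --- /etc/shorewall/rules ---
# Exceptions to the policy, written as services rather than
# as chains, tables and match modules.
?SECTION NEW
#ACTION         SOURCE  DEST
SSH(ACCEPT)     net     $FW
Ping(ACCEPT)    net     $FW
```

Running `shorewall check` validates these files without touching the running ruleset, so a review of the firewall becomes a review of the four tables above.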