If you manually build your own rulesets I suggest that you do not "just write a small shell script full of iptables calls", because over time those small shell scripts become large shell scripts and ...