Answer by Zoredache for What are the pros and cons to editing iptables configuration file vs adding rules via the iptables command

Most people with this situation handle it with some abstraction.

For example, instead of having a single file with your rule set, why not build a set of files with your rules and concatenate them together?

For example, you might add individual rules into files named like this:

    /etc/iptables-rules/00_flush_drop
    /etc/iptables-rules/20_permitotherstuff
    /etc/iptables-rules/10_permitssh
    /etc/iptables-rules/99_drop

Then just run the rule set with run-parts /etc/iptables-rules. If you need to add another set of rules, just temporarily add a file, and then remove it as needed.

You should also be strongly looking at setting up and using CHAINS in your configuration. Chains are kind of like sub-routines. You could, for example, add a rule at the very top of your firewall to jump into a chain. Chains have a default policy of RETURN. So when you need to add a temporary rule, you just insert it into that CHAIN. When you no longer require it, just flush that particular chain.
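The layout the answer describes, as an added example that is not part of the original answer: a directory of numbered rule fragments applied in lexical order (the order run-parts uses), plus a user-defined TEMP chain jumped to from the top of INPUT so temporary rules can be added and flushed without touching the permanent files. The directory name, fragment names and port numbers are constructed for this example. IPTABLES defaults to a dry-run "echo iptables" so the script runs and can be inspected on any machine; set IPTABLES=iptables to apply the rules for real.

```shell
#!/bin/sh
# Added example, not the original answer's code. Loader for a directory of
# iptables rule fragments plus a TEMP chain used as a subroutine.
# IPTABLES defaults to a dry run; run with IPTABLES=iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"

# write_ruleset DIR: create the numbered fragment files (names constructed
# for this example). The 00/05/10/20/99 prefixes fix the order of application.
# Each file holds iptables invocations written through the $IPTABLES variable;
# the quoted heredoc delimiter defers expansion until the file is sourced.
write_ruleset() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/00_flush_drop" <<'EOF'
$IPTABLES -F
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
EOF
    # TEMP is a user-defined chain. Packets that match nothing in it fall back
    # to INPUT (implicit RETURN), so an empty TEMP chain is a no-op.
    cat > "$dir/05_temp_chain" <<'EOF'
$IPTABLES -N TEMP
$IPTABLES -A INPUT -j TEMP
EOF
    cat > "$dir/10_permitssh" <<'EOF'
$IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
    cat > "$dir/20_permitotherstuff" <<'EOF'
$IPTABLES -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
EOF
    cat > "$dir/99_drop" <<'EOF'
$IPTABLES -A INPUT -j DROP
EOF
}

# load_rules DIR: source every fragment in lexical (glob) order, which is the
# same ordering run-parts applies. Sourcing keeps $IPTABLES visible; run-parts
# would exec each file, so the files would need a shebang and the execute bit.
load_rules() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        . "$f"
    done
}

# temp_allow PORT: add a temporary accept rule to TEMP instead of editing the
# permanent fragments.
temp_allow() {
    $IPTABLES -A TEMP -p tcp --dport "$1" -j ACCEPT
}

# temp_clear: remove all temporary rules at once; the chain and its jump stay.
temp_clear() {
    $IPTABLES -F TEMP
}

# Usage (dry run): sh rules.sh demo
if [ "${1:-}" = "demo" ]; then
    demo_dir="$(mktemp -d)"
    write_ruleset "$demo_dir"
    load_rules "$demo_dir"
    temp_allow 8080
    temp_clear
    rm -rf "$demo_dir"
fi
```

One caveat worth keeping in mind with this file-per-fragment approach: because the first fragment flushes everything, a fragment that fails part-way leaves the host in a half-applied state (possibly with INPUT already at policy DROP). iptables-restore applies a whole rule set atomically, so a concatenate-then-restore variant of the same layout is the safer choice on a remote machine.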
