Sooner or later everyone runs into the human factor (in other words, "when hands grow from the wrong place").
If there is an error in a config, it can usually be fixed easily by adjusting the config again.
But with iptables it is not so simple, because when copying a config you can easily lose access (an elementary error in the interface name or the server's IP, etc.).
What I'm getting at:
There is the option of writing a bash script which will allow you to stick to one, with a trigger for when communication with the server is lost.
The logic is this:
Start a bash script with the iptables rules:
1) immediately after starting at regular intervals to the previous config:
2) apply the new rule chain and start the trigger
3) check the trigger.
Versions of the trigger I see so far are the following:
create a file and
if it is removed for 1 minute:
check whether there is a connection to the server on the ssh port (but this is not reliable)
leave myself a loophole for the ssh port via an optional script and delete it after 5 minutes
What else is there?
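
One way to implement the file-based trigger from the steps above, as an added example that is not part of the original post: the current rules are saved, the new rule script is applied, and the saved rules are restored unless the operator deletes a flag file in time. The names `apply_with_rollback`, `SAVE_CMD`, `RESTORE_CMD`, the `/run/fw-confirm` path and the 60-second default are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: confirm-or-rollback wrapper for an iptables rule script.
# Assumed names (not from the post): SAVE_CMD, RESTORE_CMD, apply_with_rollback,
# the /run/fw-confirm flag path and the 60 s default.
SAVE_CMD=${SAVE_CMD:-iptables-save}          # dumps the live rule set to stdout
RESTORE_CMD=${RESTORE_CMD:-iptables-restore} # loads a rule set from stdin

# apply_with_rollback RULES_SCRIPT [TIMEOUT_SECONDS] [FLAG_FILE]
# Returns 0 if the new rules were confirmed, 1 if they were rolled back,
# 2 if setup failed (in that case the new rules are never applied).
apply_with_rollback() {
    rules=$1; limit=${2:-60}; flag=${3:-/run/fw-confirm}
    trap '' HUP   # a dropped SSH session must not kill the rollback
    backup=$(mktemp) || return 2
    # 1) keep a copy of the working configuration
    $SAVE_CMD > "$backup" || { rm -f "$backup"; return 2; }
    # 2) arm the trigger, then apply the new rule chain
    : > "$flag" || { rm -f "$backup"; return 2; }
    if ! sh "$rules"; then
        echo "rule script failed, restoring previous rules" >&2
        $RESTORE_CMD < "$backup"; rm -f "$flag" "$backup"
        return 1
    fi
    echo "remove $flag from a NEW ssh session within ${limit}s to keep the rules" >&2
    # 3) check the trigger once per second until the time limit
    waited=0
    while [ "$waited" -lt "$limit" ]; do
        if [ ! -e "$flag" ]; then
            rm -f "$backup"
            return 0          # operator still has access: keep the new rules
        fi
        sleep 1; waited=$((waited + 1))
    done
    echo "no confirmation, restoring previous rules" >&2
    $RESTORE_CMD < "$backup"; rm -f "$flag" "$backup"
    return 1
}

# Run directly: sh fw-apply.sh /path/to/new-rules.sh 60
if [ "$#" -ge 1 ]; then apply_with_rollback "$@"; fi
```

Deleting the flag from a new SSH session is what proves the new rules still admit you; an already established session can survive rules that block new connections. The `iptables-apply` utility shipped with iptables follows the same confirm-or-revert idea.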