Monitoring for invalid rules

Create a cron job or Zabbix check that validates the rulesets every hour or so. Alert when validation fails, because a ruleset that fails here will also fail to load on boot. The check should also write out a file of rules that are known to load correctly, so that the init script can load that file without calling iptables-compile again.
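One way to implement such a check, as an added example rather than this project's own script: compile, validate with `iptables-restore --test`, and only then replace the known-good file atomically. It assumes iptables-compile prints a ruleset in iptables-save format on stdout (its interface is not described here); the file path and the `check_ruleset` name are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own script.
# Assumptions: iptables-compile writes an iptables-save style ruleset to
# stdout; GOOD_FILE is a hypothetical path. All three settings can be
# overridden from the environment.
COMPILE_CMD=${COMPILE_CMD:-iptables-compile}
TEST_CMD=${TEST_CMD:-"iptables-restore --test"}
GOOD_FILE=${GOOD_FILE:-/var/lib/iptables/rules.known-good}

check_ruleset() {
    # Temp file sits next to the target so the final mv is an atomic rename
    # and the init script never sees a half-written file.
    tmp=$(mktemp "${GOOD_FILE}.XXXXXX") || return 2

    if ! $COMPILE_CMD >"$tmp"; then
        rm -f "$tmp"
        echo "ruleset check: compile failed" >&2
        return 1
    fi

    # --test parses and builds the ruleset without committing it to the
    # kernel (needs root, like any iptables-restore call).
    if ! $TEST_CMD <"$tmp" >/dev/null; then
        rm -f "$tmp"
        echo "ruleset check: rejected, keeping previous known-good file" >&2
        return 1
    fi

    # Only a ruleset that passed validation replaces the known-good copy.
    mv -f "$tmp" "$GOOD_FILE"
}

# Entry point for cron or a Zabbix item: "check-ruleset.sh run".
if [ "${1:-}" = run ]; then
    check_ruleset
    exit $?
fi
```

Run it hourly as root with the `run` argument and alert on a non-zero exit status. The init script can then load the known-good file with `iptables-restore` instead of recompiling.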