A big Thank You to Paul, Mathew and Robert (who replied off-list).
Lots of extremely useful tips there - I must admit, it hadn't occured to me to set up a cron job to remove the rules after 5 minutes in case of problems, and the startup script makes a lot of sense. Yes I did mean Secure FTP so it will be using port 22, possibly one of the most targetted ports!
Are these posts archived? As there is so much useful info appearing here that could help others new to Bitfolk