

iptables

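# Insert at position 1 (top of INPUT) so this rule is evaluated before any
# existing rule: one host (/32), TCP, destination port 555, accept.
# "-m tcp" is written out explicitly: iptables loads it implicitly with
# "-p tcp --dport", so this is the same rule, but the spec now matches what
# iptables-save prints and what the matching -D command uses.
iptables -I INPUT 1 -s 10.88.195.2/32 -p tcp -m tcp --dport 555 -j ACCEPT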

# Remove the rule inserted above. -D/--delete only removes a rule whose match
# spec is identical (this is the iptables-save form, with -m tcp spelled out);
# if it does not match, list with "iptables -L INPUT -n --line-numbers" and
# delete by number with "iptables -D INPUT <n>".
iptables --delete INPUT --source 10.88.195.2/32 --protocol tcp -m tcp --dport 555 --jump ACCEPT

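# Hand TCP/8888 arriving at this host over to 192.168.88.33:8888.
# --to-destination is the full option name; --to was only an abbreviation.
# This rewrites the destination in nat/PREROUTING only. For the packet to
# actually be forwarded the host also needs net.ipv4.ip_forward=1 and a
# FORWARD rule that permits the flow, and 192.168.88.33 must route its replies
# back through this host (otherwise add an SNAT or MASQUERADE rule in
# nat/POSTROUTING so the return traffic comes back here).
iptables -t nat -A PREROUTING -p tcp --dport 8888 -j DNAT --to-destination 192.168.88.33:8888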

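# Rewrite the source address 10.1.1.3 -> 10.1.1.9 for TCP traffic going to
# 10.2.100.16:5060 (SIP). Done in nat/POSTROUTING, i.e. after routing, so
# only the outgoing packet is changed; conntrack reverses it for replies.
# --to-source is the full option name; --to was only an abbreviation.
iptables -t nat -A POSTROUTING -s 10.1.1.3 -d 10.2.100.16 -p tcp --destination-port 5060 -j SNAT --to-source 10.1.1.9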

# Chain policy for INPUT: what happens to a packet that matches no rule.
# ACCEPT is the permissive default (everything not explicitly dropped gets
# in); a host meant to be locked down normally runs with "-P INPUT DROP" after
# accept rules for loopback and ESTABLISHED,RELATED traffic are in place.
# Change the policy last, and from a console session, so a mistake does not
# cut off the connection you are working from.
iptables --policy INPUT ACCEPT

# Rate-limited logging: at most 2 log lines per minute (initial burst of 5,
# the limit module's default) so a flood cannot fill the log. LOG does not
# terminate the chain, and because this is appended (-A) only packets that
# reached the end of INPUT get here — the "iptables-dropped: " prefix is only
# truthful if a DROP rule or DROP policy follows this one.
iptables --append INPUT --match limit --limit 2/minute --jump LOG --log-prefix 'iptables-dropped: '

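# Port forward: TCP/8822 on this host -> 10.123.0.52:22.
# 1) Allow the forwarded flow. "-m conntrack --ctstate" is the current form of
#    the older "-m state --state"; NEW is needed for the first packet, the
#    ESTABLISHED,RELATED part keeps the rest of the connection open. Options
#    are ordered protocol/address/port first, then the match module.
iptables -A FORWARD -p tcp -d 10.123.0.52 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# 2) Rewrite the destination before routing so the packet is forwarded there.
iptables -t nat -A PREROUTING -p tcp --dport 8822 -j DNAT --to-destination 10.123.0.52:22
# Also required: net.ipv4.ip_forward=1 (sysctl), and 10.123.0.52 must route
# its replies back through this host (or add SNAT/MASQUERADE in POSTROUTING).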

Links

http://conntrack-tools.netfilter.org/manual.html

http://people.netfilter.org/pablo/docs/login.pdf
