This evening I read the iptables man page and Linux iptables Pocket Reference from cover-to-cover; my notes are here: Netfilter.
I think at this point I am ready to use iptables in anger for the first time in a long time, and the first time ever on a router.
However, before I take that on, I’m going to have a quick diversion into the following books, and then sleep, and I will do my iptables programming when I wake up tomorrow.