Best Pratice for Troubleshooting IPTables

So the system admin that I took over for has been using Unix/Linux in some for form around 30 years.

Since taking over, I always seem to run into issues when setting up new users to access Linux servers or say installing new software and its trying to scan or access other Linux servers. When talking to my manager, he seems to think that the previous sys admin has the firewall rules too tight and makes it hard to work with. Right now I'm trying to get a balance between useability and security.

So I'm wondering if others can advise on how to troubleshoot on IPTables. I am aware of how to setup logging for IPTables and I'm also reading the book Linux Firewalls to get a better idea, however I wanted to reach out.

thanks