You could potentially have a Perl script that is executed every X minutes by cron (or that loops and sleeps) and compares the current set of rules to the last-known set to detect differences.
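A sketch of the polling comparison suggested above, added here as an example and not part of the original post. It assumes the rules are read with `iptables-save`; the state-file path is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed path for the last-known ruleset; keep it writable by root only.
my $STATE = '/var/lib/fwwatch/rules.last';

# Reduce iptables-save output to the rules themselves. The "# Generated by ..."
# and "# Completed on ..." comments and the [packets:bytes] counters change on
# every run, so comparing raw dumps would report a change each time.
sub normalize {
    my ($dump) = @_;
    my ($table, @rules) = ('');
    for my $line (split /\n/, $dump) {
        next if $line =~ /^\s*(?:#|$)/ || $line eq 'COMMIT';
        if ($line =~ /^\*(\S+)/) { $table = $1; next; }
        $line =~ s/\s*\[\d+:\d+\]\s*$//;      # counters on chain policy lines
        push @rules, "$table: $line";         # same rule text can occur in two tables
    }
    return @rules;
}

# Rules present in only one of the two lists.
sub diff_rules {
    my ($old, $new) = @_;
    my %old = map { $_ => 1 } @$old;
    my %new = map { $_ => 1 } @$new;
    return ([grep { !$old{$_} } @$new], [grep { !$new{$_} } @$old]);
}

my $dump = `iptables-save`;                   # needs root; cron's PATH must include sbin
die "iptables-save failed\n" if $? != 0;
my @new = normalize($dump);

if (open my $in, '<', $STATE) {
    chomp(my @old = <$in>);
    close $in;
    if (join("\n", @old) ne join("\n", @new)) {
        my ($added, $removed) = diff_rules(\@old, \@new);
        print "iptables ruleset changed\n";   # cron mails output if mail is configured
        print "+ $_\n" for @$added;
        print "- $_\n" for @$removed;
        print "(rule order or duplicate count changed)\n" unless @$added || @$removed;
    }
}
open my $out, '>', $STATE or die "cannot write $STATE: $!\n";
print {$out} "$_\n" for @new;
close $out;
```

The first run only records a baseline, and a change is reported once, on the first poll after it happens.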
Thanks for your replies guys, all good suggestions, although I need something that will trigger immediately rather than polling at regular intervals. I wouldn't know where to start with hacking the Linux kernel! I've found a few iptables modules on CPAN, might see if I can use those.