We currently use a number of linux routers, and currently a number of the team tend to jump into servers and change the routing rules when needed, and the auditing is becoming incredibly tedious.
All other server configs we store in a git repository, and we are migrating to using puppet. I haven't been able to figure out how to manage the iproute2 configuration however, as all changes are done live.
There was a similar question for Cisco routers: "Managing and auditing existing Cisco firewall access control and routing rules". I'm wondering if something like this can be done in Linux with iproute2?
Rather than doing changes live you can create scripts which remove all current routing tables and create new fresh tables as per requirement. This script can also be added to system start-up. Backing up this script using some version control system should solve the problem.
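A worked version of that idea, added here as an example and not taken from the answer above: routes are declared in a small text file that lives in git, and the script flushes only the declared policy tables and rebuilds them with `ip route replace`, so re-running it is idempotent and the git diff is the audit trail. Table numbers, prefixes and interfaces are constructed sample values; the main table is deliberately left out because the kernel owns its connected routes.

```shell
#!/bin/sh
# Added example (not the original post's script): rebuild iproute2 policy
# tables from a declarative config so the config, not live edits, is the
# source of truth. Sample values below are constructed.
set -eu

# Constructed sample config. Format: <table> <destination> <via|dev> <nexthop>
# Tables are numeric so no /etc/iproute2/rt_tables entry is needed.
ROUTES_CONF="$(cat <<'EOF'
# comments and blank lines are ignored
100   10.10.0.0/16   via 192.0.2.1
100   default        via 192.0.2.254

200   default        via 198.51.100.1
200   10.20.0.0/24   dev eth1
EOF
)"

# Drop comment and blank lines from a config string.
strip_conf() {
    printf '%s\n' "$1" | sed '/^[[:space:]]*#/d;/^[[:space:]]*$/d'
}

# Distinct table ids declared in the config, one per line.
tables_in() {
    strip_conf "$1" | awk '{print $1}' | sort -u
}

# Render the ip(8) commands that rebuild every declared table from scratch:
# flush first so stale hand-added routes do not survive, then "replace"
# each declared route so repeated runs converge on the same state.
render_cmds() {
    conf="$1"
    for t in $(tables_in "$conf"); do
        printf 'ip route flush table %s\n' "$t"
    done
    strip_conf "$conf" | while read -r table dst kind hop; do
        printf 'ip route replace %s %s %s table %s\n' "$dst" "$kind" "$hop" "$table"
    done
}

# Print the plan; execute it only when DRY_RUN=0 (run as root at boot,
# e.g. from a systemd unit, or by hand after a git pull).
apply_routes() {
    render_cmds "$1" | while read -r cmd; do
        echo "+ $cmd"
        [ "${DRY_RUN:-1}" = 1 ] || $cmd
    done
}

apply_routes "$ROUTES_CONF"
```

Policy rules (`ip rule`) that select these tables can be handled the same way in a second config file.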
While you could use the iptables-{save,restore} syntax, it won't diff well.
You need some language to generate the rules.
I am happy with shorewall, but since you are used to the iptables command, ferm would be more suited to your use case. ferm is syntactic sugar that adds nesting to iptables rules.