Hi. There could be multiple causes for the rules being removed prematurely. If no mechanism is being used to save and restore the chain rules, for example, then any changes will be lost when the system is rebooted or iptables is restarted.
Is an ancillary data store - e.g. an SQL database or CSV file - being used to store a list of the IP addresses and expiry dates? Or is the expiry date being stored in the firewall rule itself - e.g. using the 'time' IPtables extension?
Rules which use the 'time' match extension (with --datestart and --datestop parameters) are not automatically removed when 'datestop' is passed, so the PHP script would have to be selectively removing them. It may be that the script is not examining or reading these rules correctly. You mention timestamps in the UNIX epoch format, for example, but iptables typically accepts and shows the timestamps in YYYY-MM-DDTHH:MM:SS form.
How soon before the expiry date are the rules being removed? Timezones may also be an issue - depending on the time-frames involved and how accurate the timing needs to be.
Is a CRON job being used to trigger the PHP script?
I am based in Ireland - so my operating hours are a bit different to those in Canada.