I used it for a project once. It is good, but make sure you have tested backup and restore (from scratch) before you need it. I found that to be a bit more problematic than usual server business. (but that was 6 years ago)

I second the use of nftables instead. Optimally with a pre-made role like this one: https://galaxy.ansible.com/ui/standalone/roles/ipr-cnrs/nftables/documentation/