None of those speak to the reliability of iptables. They all sound like skill issues.

In 15 years of network engineering iptables has been the simplest part.

A layered approach with hardware firewalls is valid but when those firewalls get popped, looking at you Cisco, Fortinet, and PA you still want host level restrictions.
Your firewall or switch should never be used as a jump host to servers