I have an AlmaLinux 8 server running CSF + LFD, using ipset for a larger corpus. Load looked very, very high, and I noted in the web server logs that IPs which were blocked in CSF were hammering some of my domains. So I did a systemctl status on iptables. It responded that iptables was "dead". systemctl status csf showed that CSF was running.
I did a "systemctl iptables start", and load plummeted to next to nothing.
I was of the impression that CSF handled the iptables stuff. Does iptables need to be run separately? Do I need to set up some sort of monitoring on this?