Note that mod_security is not a firewall. It is an Apache module intended to increase the security of Web sites. It is not the same, and does not have the same intended purpose, as an actual firewall.
Also note that the iptables firewall is built into the Linux kernel and is present on all modern Linux systems. CSF is just a front-end for configuring it. iptables syntax can be very complex, so Web-based configuration tools like CSF are very popular for putting a user-friendly interface on it. What CSF is really doing, though, is configuring the iptables firewall that is built into the Linux kernel.