You do know firewalld is just a wrapper to iptables itself. On CentOS 7 at least iptables service (iptables-services yum package) and iptables are 2 things. With firewalld default, all firewalld is doing taking over from iptables-service to talk with iptables . https://fedoraproject.org/wiki/Firewalld?rd=FirewallD
The firewall daemon on the other hand manages the firewall dynamically and applies changes without restarting the whole firewall. Therefore there is no need to reload all firewall kernel modules. But using a firewall daemon requires that all firewall modifications are done with that daemon to make sure that the state in the daemon and the firewall in kernel are in sync. The firewall daemon can not parse firewall rules added by the ip*tables and ebtables command line tools.
So basically, you are choosing between which method of talking to iptables, via firewalld (dynamic) or iptables-service (static)
Static Firewall (system-config-firewall/lokkit)
The actual static firewall model with system-config-firewall and lokkit will still be available and usable, but not at the same time as the daemon is running. The user or admin can decide which firewall solution should be used by enabling the corresponding services.
It is planned to add a selector for the firewall solution to be used at install time or in first boot. The configuration of the other solution will stay intact and can be enabled simply by switching to the other model.
The firewall daemon is independent to system-config-firewall, but should not be used at the same time.
I would also prefer CSF especially for their compatibility with server control panels. However if you are going to choose between firewalld and iptables-service for iptables rules management I would recommend firewalld mainly because it is easier and do not require firewall restart like iptables-service do.