There are firewall management tools that manage IPtables rules trying to make it easier, the firewall management tools don’t implement their own version of IPtables in the kernel.
Realistically “AppArmor” should have just been made as management tools implemented through SELinux rules instead of creating a incompatible system from SELinux. If they had done that, then people wouldn’t have to go through this and could just focus on the actual security issues. Also programs wouldn’t have to have multiple profiles written for them (one for SELinux and one for Apparmor). I really wish they had done that.