No, what I meant is if when an attacker is found if ASL send a command to the iptables firewall in order to block him. Because if it doesn't use the iptables firewall I cant disable it as a service and win some ram since I have the external firewall ...
If I understand your question, yes if active reponse is enabled ASL will use Netfilter (iptables is just the command line tool to access the built in firewall in Linux called Netfilter) to block the source IP for a period of time.
ASL uses Netfilter as an additional means of blocking attackers when:
1) Longer term shuns are necessary
2) When a service itself does not provide an adequate means of blocking an attacker
We do not recommend you disable or remove iptables from your system.
As an aside, Netfilter is extremely lightweight and uses very little memory, so if you are trying to save memory Netfilter would be the absolutely last thing I would worry about. If your system is that low on memory that you believe you need to upload netfilter modules, I highly recommend you get more memory. You are unlikely to notice any difference on a modern system in terms of memory usage if you unload netfilter, and your system would be unlikely to do much if it needed the tiny little bit of memory the kernel uses for Netfilter.
I hope this answered your question.