I have implemented csf and lfd to prevent brute force attacks. I tested a brute-force attack on port 8090 by attempting to login with an incorrect password 10 times in a row.
lfd did not detect this attack. Perhaps this is because the failed login attempts on 8090 are not logged or lfd is not monitoring the correct log.
I really think 8090 should have brute-force protection. Either by 2FA or via lfd.