To combat the common misconception that filling Netfilter's filter table INPUT chain is still a valid choice, to show ease of use, and for future reference, I'll outline how to mass-block IP(v4) addresses and how to integrate this into fail2ban.
*This web log post will not explain the fine print on ipset and iptables' {ipt,xt}_recent ('iptables -m recent --help'), nor will it tell you how to install anything, help you configure fail2ban, go into SysV vs BSD init scripts or application...