I have a small server (SMTP, POP3, web, DNS, etc.) behind a Netgear R6220 running OpenWRT.
I'd like to run a centralized firewall on it that blocks hostile and botnet-infected IPs globally, because setting this up on every VM is not optimal.
I've configured fail2ban on that box and VMs for particular services to use blocklist.de and other services like that to identify malicious IPs that tried to connect to my systems. I've created long-term (8 hrs) SSHD jails in fail2ban instances. I have almost 5,000 IP addresses in some of them, obviously in ipset-based jail, because using plain iptables for that would jam the host.
Given the limited resources of a router such as https://openwrt.org/toh/netgear/netgear_r6220, is it feasible to use such an ipset jail (which I'd create manually in my hand-written iptables firewall; I'm not using the built-in firewall) to block that many addresses, like 5-6K?
Thank you!
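To make the question concrete, here is an added example (not from the original post or from the OpenWRT project) of what such a manually maintained ipset jail looks like: a plain list of addresses is turned into an ipset "restore" file, loaded as one `hash:net` set, and referenced by a single `DROP` rule in the manual iptables ruleset. The set name, the file paths, the maxelem/timeout values and the sample addresses are assumptions; the timeout mirrors the 8-hour ban length mentioned in the question.

```shell
#!/bin/sh
# Added example, not code from the original post: build an ipset restore file
# from a blocklist and, only when run as root on a box that has ipset, load it
# and hook it into a manual iptables ruleset with a single DROP rule.

SET_NAME="blocklist4"      # assumed ipset name
SET_MAXELEM=65536          # assumed ceiling; plenty of room for 5-6K entries
SET_TIMEOUT=28800          # 8 hours in seconds, matching the post's ban length

# Turn a raw list (one IPv4 address or CIDR per line, '#' comments and blank
# lines allowed) into ipset-restore syntax. Duplicates are dropped and any
# line that is not an IPv4 address/prefix is skipped, so one malformed line
# in a downloaded feed cannot abort the whole restore.
build_ipset_restore() {
    # $1 = input list, $2 = output restore file
    in="$1"; out="$2"
    {
        echo "create ${SET_NAME} hash:net family inet maxelem ${SET_MAXELEM} timeout ${SET_TIMEOUT}"
        grep -E '^[[:space:]]*[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?[[:space:]]*$' "$in" \
            | tr -d '[:blank:]' \
            | sort -u \
            | sed "s/^/add ${SET_NAME} /"
    } > "$out"
}

# Number of 'add' lines in a restore file (checkable without root).
count_entries() {
    grep -c "^add " "$1"
}

# Load the set (-exist: re-adding an entry just refreshes its timeout) and
# make sure exactly one DROP rule referencing it sits at the top of INPUT and
# FORWARD. That single rule is the point: the kernel does a hash lookup
# instead of walking thousands of per-IP iptables rules.
apply_ipset() {
    ipset restore -exist < "$1"
    for chain in INPUT FORWARD; do
        iptables -C "$chain" -m set --match-set "${SET_NAME}" src -j DROP 2>/dev/null \
            || iptables -I "$chain" 1 -m set --match-set "${SET_NAME}" src -j DROP
    done
}

# Constructed sample feed using RFC 5737 documentation addresses.
SAMPLE_LIST="${TMPDIR:-/tmp}/blocklist-sample.txt"
RESTORE_FILE="${TMPDIR:-/tmp}/blocklist-restore.txt"
cat > "$SAMPLE_LIST" <<'EOF'
# sample feed (constructed)
192.0.2.10
198.51.100.0/24
192.0.2.10
not-an-address
203.0.113.7
EOF

build_ipset_restore "$SAMPLE_LIST" "$RESTORE_FILE"
echo "restore file has $(count_entries "$RESTORE_FILE") entries"

# Only touch the kernel when actually run as root on a box with ipset/iptables.
if [ "$(id -u)" -eq 0 ] && command -v ipset >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    apply_ipset "$RESTORE_FILE"
    ipset list -t "${SET_NAME}"   # header only; the 'Size in memory' line answers the RAM question
fi
```

`ipset list -t` prints the set header without the members, so its `Size in memory` line is the direct way to measure what a few thousand entries cost on the router itself; a `hash:net` set of that size is on the order of a few hundred kilobytes. If the feed only ever contains single addresses, `hash:ip` is a slightly smaller set type, but `hash:net` is used here because blocklist feeds routinely mix in CIDR ranges.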