As I mentioned earlier, I already use fail2ban to perform IP address blocking with more than five unsuccessful authentication attempts every 5 minutes.
With respect to the lists zz.countries.nerd.dk and origin.asn.spameatingmonkey.net. Do these lists only contain malicious ip and asn? Should I use the output of that list with a condition?