Instead of appending everything to the INPUT chain use a
First create the new chain and add the rule to jump there:
iptables -N FWBAN
iptables -I INPUT -i eth1 -p tcp --dport ssh -j FWBAN
iptables -A FWBAN -j RETURN
Then to add IPs:
iptables -I FWBAN 1 -i eth1 -s <ip> -j DROP
This way you would only use resources for the IPs that
try to hack in to SSH.
Of course you may want to block all access from these
IPs. Then you should not use --dport, but only this:
iptables -I INPUT -i eth1 -j FWBAN
iptables -I INPUT -i eth1 -m state --state NEW -j FWBAN
It is just a thought.
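
The setup described above, wrapped so it can be re-run safely and so that only well-formed IPv4 addresses ever reach the rule set. This is an added example, not part of the original post; the function names and the IPT and IFACE variables are assumptions, while the FWBAN chain, eth1 and the rules themselves come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. IPT, IFACE and the function
# names are assumptions; FWBAN, eth1 and the rules come from the post.
IPT=${IPT:-iptables}
IFACE=${IFACE:-eth1}

# Accept only a dotted-quad IPv4 address with octets 0-255, so that
# strings taken from logs cannot smuggle extra options into the rule.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Create FWBAN and hook it into INPUT for SSH only; safe to re-run
# because each rule is checked with -C before it is added.
fwban_init() {
    $IPT -n -L FWBAN >/dev/null 2>&1 || $IPT -N FWBAN
    $IPT -C FWBAN -j RETURN 2>/dev/null || $IPT -A FWBAN -j RETURN
    $IPT -C INPUT -i "$IFACE" -p tcp --dport ssh -j FWBAN 2>/dev/null ||
        $IPT -I INPUT -i "$IFACE" -p tcp --dport ssh -j FWBAN
}

# Ban one source address: reject malformed input, skip duplicates,
# and insert at position 1 so the DROP sits above the final RETURN.
fwban_add() {
    valid_ipv4 "$1" || { echo "fwban: invalid IPv4 address: $1" >&2; return 2; }
    $IPT -C FWBAN -i "$IFACE" -s "$1" -j DROP 2>/dev/null && return 0
    $IPT -I FWBAN 1 -i "$IFACE" -s "$1" -j DROP
}
```

Source the file as root, call fwban_init once, then fwban_add with each address to ban.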