tl;dr: You can block IP’s using IPtables DROP command:
sudo iptables -A INPUT -s i.p.add.ress -p TCP -j DROP
However, this is hard to maintain. Use the ipset tool:
sudo apt-get install ipset
sudo ipset create banthis hash:net
sudo ipset list
sudo ipset add banthis i.p.add.ress
sudo ipset add banthis i.p.add.ress
sudo ipset add banthis i.p.add.ress
then add the ipset:
sudo iptables -I INPUT -m set --match-set banthis src -p tcp --destination-port 80 -j DROP