
Are you familiar with port knocking? My servers will only open port 22, or some other port, after two specific ports have been knocked on in order. It completely eliminates the log files getting clogged.


I've used that solution in the past. What happens when the bots start port knocking?


The bots have been port scanning me for decades. They just don't know which two ports to hit to open 22 for their IP address. Simply iterating won't get them there, and fail2ban doesn't afford them much opportunity to probe.


Fail2ban :)
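
The two-port knock discussed in this thread, as an added sketch that is not any commenter's code or a real knock daemon's implementation. The knock ports 7000 and 8000, the 10-second window, the reset-on-wrong-port rule and all sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000)  # assumed knock ports, not taken from the thread
WINDOW_SECONDS = 10            # assumed: whole sequence must arrive within this window

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src ip -> (next index, time of first knock)
    allowed: set = field(default_factory=set)     # src ips for which port 22 would be opened

    def observe(self, ts, src, dport):
        """Feed one inbound connection attempt; return True if src is allowed afterwards."""
        idx, started = self.progress.get(src, (0, ts))
        if idx > 0 and ts - started > WINDOW_SECONDS:
            idx = 0                                # partial sequence expired
        if dport != KNOCK_SEQUENCE[idx]:
            idx = 0                                # wrong port: discard progress
            if dport != KNOCK_SEQUENCE[0]:
                self.progress.pop(src, None)
                return src in self.allowed
        if idx == 0:
            started = ts                           # this packet is a fresh first knock
        idx += 1
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(src, None)
            self.allowed.add(src)                  # a real setup would add a firewall rule here
        else:
            self.progress[src] = (idx, started)
        return src in self.allowed

def replay(events):
    """Run (timestamp, src ip, dst port) events through a tracker; return the allowed IPs."""
    tracker = KnockTracker()
    for ts, src, dport in events:
        tracker.observe(ts, src, dport)
    return tracker.allowed

# Constructed sample traffic (documentation-range addresses).
CLIENT, SCANNER, SLOW = "198.51.100.7", "203.0.113.9", "192.0.2.44"
EVENTS = sorted(
    [(1.0, CLIENT, 7000), (2.0, CLIENT, 8000)]          # correct knock, in order, in time
    + [(0.0, SLOW, 7000), (30.0, SLOW, 8000)]           # right ports, but outside the window
    + [(p * 0.01, SCANNER, p) for p in range(1, 9001)]  # sequential sweep touching both ports
)

if __name__ == "__main__":
    print(sorted(replay(EVENTS)))
```

Under these assumptions the sweep touches both knock ports but never back to back, so only the client that knows the pair and its order is allowed.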



