Fail2ban ipset choice

[debashisparial]

I have a wordpress site on Ubuntu20.04 and Nginx that gets hit by large number of ip addresses, I use iptables-allport, but its pretty slow and has cpu overheads. I have read that ipsets are faster than iptables and want to use ipset to ban offending ip addresses. There are at least 3 ipset action conf files : iptables-ipset-proto4, iptables-ipset-proto6, iptables-ipset-proto6-allports, so which one to use?

Also, I came across this repo: fail2ban-ipset , any idea about this?

[sebres]

There are at least 3 ipset action conf files ... which one to use?

See https://serverfault.com/a/1082704/488604

Also, I came across this repo: fail2ban-ipset , any idea about this?

I don't like the idea for several reasons, most of them described in #2909 and others.
Preventive banning no matter in fail2ban or outside or a ban of large lists for recidive IPs for a long time (or still worse permanently) is not recommended at all, see #2925 (comment) for more info.
Also note that since v.0.11 fail2ban has a new feature bantime.increment which could be used instead.
The bottom line is that neither recidive jail nor persistent banning are expected if you use bantime increment - both are obsolete rudiments and retained for backwards compatibility only, so it is not really helpful, generates high load in fail2ban and net-subsystem due to too large set of IPs that never expired, and unneeded scanning of fail2ban.log (what recidive jail basically doing).
Moreover it is recommended to restrict it still more with bantime.maxtime = 5w - almost all evildoers would disappear if get banned several times for 5 weeks. And if don't - 5w is a extremely large bantime to get a chance to succeed a bruteforce, especially because maxretry gets automatically reduced to 1 for such known as bad IPs, so normally they would be banned immediately and so have maximal 10 attempts in year.