GDPR Compliance?

The plugin is GDPR compliant. The only relevant detail is that IP addresses are stored in the database in the visitor log. This is done to detect repeat bad traffic.

Since the purpose of storing the IP addresses is to prevent abuse of your website, this complies with GDPR rules, as you do not need consent from your visitors in this case (Article 6.f).

There is nothing that connects the IP data to any other identifiable information about your visitors.

To be fully GDPR compliant, you need to update your Privacy Policy to inform your visitors that you are storing the IP information. The IP data is stored for a maximum of 30 days and is automatically purged. You only need to inform your visitors of this; you do not need to get their approval.

Here is a suggestion of wording for your privacy policy page:

“We use firewall software to protect our website from malicious software and attacks. As part of this, every visitor’s IP is logged for up to 30 days. This is to identify repeat suspicious behavior. This is in accordance with GDPR Article 6.f.”
