The plugin is GDPR compliant – The only detail relevant is the IP addresses that are stored in the database in the visitor log. This is done to detect repeat bad traffic.
Since the purpose of storing the IP addresses is to prevent abuse of your website this complies with GDPR rules as you do not need consent in this case from your visitors. Article 6.f – https://gdpr-info.eu/art-6-gdpr/
“We use firewall software to protect our website from malicious software and attacks. As part of this, every visitor’s IP is logged for up to 30 days. This is to identify repeat suspicious behavior. This is in accordance with GDPR Article 6.f – https://gdpr-info.eu/art-6-gdpr/”