Blacklisting malicious IP's on your perimeter firewall, is it worth doing?

Quite often we'll add the public IP's to a blacklist that we see persistently triggering alerts. The thing is, the firewall threat prevention/IPS is blocking their attacks anyway. And often the source IP's are just too numerous to keep blacklisting them.

So it feels like a futile activity really. Chances are they'll be attacking/scanning from different IP's in the near future anyway.

Then of course there is the possibility an IP you blacklisted is used by a legitimate source in …

alerts attacks blocking course cybersecurity doing firewall future ips malicious near perimeter prevention public scanning threat threat prevention