...or, unless, that system is being used by users who are humans.
Sure and prevent all legitimate users from the entire subnet access to the server. Banning IPs is a very bad idea as some ISPs serving thousands of users may have only one public IP. By doing so you've just helped a successful DOS attack, which denied access to many legitimate users.
...and simplify DOS attacks further to this server: just access this server from multiple IPs and it will automatically shut down, how cool is that!
I would consider such server system highly insecure because if you rely on IP address whitelist, you are immediately a candidate for IP spoofing.
Bookmarks