I'd ditch the D-Link, switch to iptables, and script something that adds the IPs automatically using fail2ban or something along those lines. That D-Link is really old at this point... (I have one, don't use it) and well... it's time to do something different if you're trying to be effective.
Also, trying to block based on MAC address won't work for external addresses, as the source MAC would always be your gateway / modem / router / whatever is upstream. Using a host-based firewall is probably a better option... but still not a huge fan of most of them.
Not really... you can obscure them through a proxy, but banning that proxy still accomplishes banning the user until they find a different proxy. True that they can get new IPs when they reconnect with their ISP, but that requires action on their part. Realistically, if you can automate it and ban IPs for an hour at a time, then that's probably about as good as you can accomplish.
Also, why you can't "spoof" IPs easily for gaming... reason is simple... that if you want to game with that IP (even cheating) you still have to have a way to get the return packet back to you, and a spoofed packet won't route back to you. Hence why you typically see spoofed packets in connectionless attacks like SYN floods and all, but it's impossible to "spoof" the IP in the packet if you need to be able to complete the 3-way handshake on a TCP connection. And yes, I know most games like to use UDP, which is connectionless; however, the UDP traffic still has to route back to you for the two-way communication.
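
Added example, not part of the original post: a sketch of the automated one-hour ban the post describes, written as a planner that turns log lines into iptables insert/delete actions. The log format, the failure threshold, the counting window and the function name `plan_bans` are assumptions made for illustration; the sample log is constructed and uses documentation addresses.

```python
import ipaddress
import re
from collections import defaultdict, deque

BAN_SECONDS = 3600     # one-hour ban, as suggested in the post
MAX_FAILURES = 3       # assumed threshold
WINDOW_SECONDS = 600   # assumed window for counting failures

# Assumed log format (constructed for this example): "<epoch> REJECT <ip> <reason>"
LINE_RE = re.compile(r"^(\d+) REJECT (\S+) ")

def plan_bans(lines):
    """Return time-sorted (epoch, argv) actions: insert a DROP rule, delete it an hour later."""
    recent = defaultdict(deque)   # ip -> timestamps of recent rejects
    banned_until = {}             # ip -> epoch at which the ban expires
    actions = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = int(m.group(1))
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # never pass unvalidated log text to iptables
        if banned_until.get(ip, 0) > ts:
            continue  # already banned at this point in time
        hits = recent[ip]
        hits.append(ts)
        while hits and hits[0] <= ts - WINDOW_SECONDS:
            hits.popleft()  # forget rejects older than the window
        if len(hits) >= MAX_FAILURES:
            rule = ["INPUT", "-s", ip, "-j", "DROP"]
            actions.append((ts, ["iptables", "-I"] + rule))
            actions.append((ts + BAN_SECONDS, ["iptables", "-D"] + rule))
            banned_until[ip] = ts + BAN_SECONDS
            hits.clear()
    return sorted(actions, key=lambda a: a[0])

SAMPLE_LOG = [  # constructed sample lines
    "1700000000 REJECT 203.0.113.7 bad-auth",
    "1700000005 REJECT 198.51.100.9 bad-auth",
    "1700000010 REJECT 203.0.113.7 bad-auth",
    "1700000020 REJECT 203.0.113.7 bad-auth",
    "1700000030 REJECT 999.1.1.1;reboot bad-auth",
    "1700000040 REJECT 203.0.113.7 bad-auth",
]

if __name__ == "__main__":
    for when, argv in plan_bans(SAMPLE_LOG):
        print(when, " ".join(argv))
```

The actions are argument lists rather than shell strings, so a scheduler can hand them to `subprocess.run` without a shell; fail2ban implements the same ban-then-expire cycle with its `bantime` setting.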