Hello, this command can be used to add iptables rule for incoming connections.
It will block connections to multiple defined ports. This time port 21 and 22 (FTP and SSH)

Code:
iptables -A INPUT -p tcp -m multiport --destination-port 21,22 src -j DROP
(not sure about " src" part)

if you want to block only IPs listed in your IPset blacklist, try:

Code:
iptables -A INPUT -p tcp -m multiport --destination-port 21,22 -m set --match-set blocklist src -j DROP
You may need to save the rules to survive reboot. On Debian/Ubuntu maybe like this:
Code:
sudo iptables-save|tee -a /etc/iptables/rules.v4 && sudo iptables-save|tee -a /etc/iptables/rules.v6