I have the following IPTables rules with IPSet as the source of the rule to block the attacker IP, but when I add the attacker IP to the IPSet, in my nginx access log I still see continuous access from the attacker IP. After a while, possibly 3-5 minutes, the IP was blocked.
Iptables
~$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 317K packets, 230M bytes)
num pkts bytes target prot opt in out source destination
1 106K 6004K DROP all
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all
Chain OUTPUT (policy ACCEPT 350K packets, 58M bytes)
num pkts bytes target prot opt in out source destination
ipset
sudo ipset -L
Name: Blacklist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 60
Size in memory: 13280
References: 2
Members:
xxx.xxx.xxx.xxx (attacker ip) timeout 0
I don't know why this rule doesn't work right away, which drives me crazy, as if the attacker is laughing at me.
I added the IPSet to the IPTables rule with the -I option, which should put the rule in the first position. So maybe Chain INPUT (policy ACCEPT) does the trick?
Please help me, thanks a lot.
BTW: Nginx + Django/uWSGI, script nginx, ip Blacklist ipset.
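An added diagnostic, not from the original post, that parses `iptables -nvL --line-numbers` and `ipset list` output to check the three things that decide whether a blacklisted address is really dropped: the IP is a member of the set, its entry has not expired, and no ACCEPT rule (for example one matching RELATED,ESTABLISHED) sits in front of the DROP, since iptables evaluates rules in order. The sample output, set name and addresses below are constructed, and the column layout assumes `--line-numbers`.

```python
import re

# Constructed sample output in the shape of `iptables -nvL --line-numbers`
# and `ipset list`; not captured from a live host.
IPTABLES_INPUT = """Chain INPUT (policy ACCEPT 317K packets, 230M bytes)
num   pkts bytes target prot opt in  out source    destination
1     200  16000 ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0  state RELATED,ESTABLISHED
2     106K 6004K DROP   all  --  *   *   0.0.0.0/0 0.0.0.0/0  match-set Blacklist src
"""
IPSET_LIST = """Name: Blacklist
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 60
Members:
203.0.113.5 timeout 0
198.51.100.7 timeout 42
"""

def set_members(ipset_text):
    """Map member IP -> its own timeout in seconds (0 = never expires)."""
    members, in_members = {}, False
    for line in ipset_text.splitlines():
        if line.startswith("Members:"):
            in_members = True          # header (incl. default timeout) ends here
        elif in_members and line.strip():
            m = re.search(r"timeout (\d+)", line)
            members[line.split()[0]] = int(m.group(1)) if m else None
    return members

def blacklist_rules(chain_text, set_name):
    """Return rules referencing the set and any ACCEPT rules evaluated before them."""
    rules, earlier_accepts = [], []
    for line in chain_text.splitlines():
        parts = line.split()
        if not parts or not parts[0].isdigit():
            continue                   # skip "Chain ..." and column headers
        num, target = int(parts[0]), parts[3]
        if f"match-set {set_name}" in line:
            rules.append((num, target))
        elif not rules and target == "ACCEPT":
            earlier_accepts.append((num, line.strip()))
    return rules, earlier_accepts

def diagnose(ip, chain_text, ipset_text, set_name="Blacklist"):
    """List reasons traffic from `ip` may still reach the host; empty = fully blocked."""
    findings, members = [], set_members(ipset_text)
    if ip not in members:
        findings.append("ip not in set")
    elif members[ip]:
        findings.append(f"entry expires in {members[ip]}s")
    rules, accepts = blacklist_rules(chain_text, set_name)
    if not any(target == "DROP" for _, target in rules):
        findings.append("no DROP rule references the set")
    findings += [f"rule {n} accepts before the DROP: {text}" for n, text in accepts]
    return findings
```

Run `diagnose("203.0.113.5", IPTABLES_INPUT, IPSET_LIST)` against real command output to see which condition is letting packets through; an empty list means the address is dropped by the first matching rule.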