IP sets are a framework inside the Linux kernel, which can be administered
by the ipset utility. Depending on the type, an IP set may store IP addresses,
networks, (TCP/UDP) port numbers, MAC addresses, interface names or
combinations of them in a way, which ensures lightning speed when matching
an entry against a set.

If you want to

* store multiple IP addresses or port numbers and match against the
  collection by iptables at one swoop;
* dynamically update iptables rules against IP addresses or ports without
  performance penalty;
* express complex IP address and ports based rulesets with one single
  iptables rule and benefit from the speed of IP sets 

then ipset may be the proper tool for you.