IPSec Help Requested

I use the built-in IP filtering in the Windows XP OS. I have had great
success blocking nuisance IPs from connecting to my web server.

I built an FTP server that I want to block all incoming access to, then
allow a couple of specific IPs. It appears that I can only have one security
policy assigned at a time, so I added the block all statement to my
webserver ACL filter list

Any IP, My IP, TCP, Port 21, Inbound.

Yet I can still connect from an outside source. I can't see what I Did wrong
as the other blocks are working, the only difference is on this one I
specified the protocol, and the port.