Use a TCP reset instead of just dropping the packet. Try -j REJECT.

Using iptables, I can of course deny access to certain IP addresses or websites; however, I'd like to make sure clients do not just get a timeout, not found or something similar. AFAICS, it'll be difficult to set some error response a browser can understand, allowing it to display a meaningful error response.
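The `-j REJECT` suggestion above, written out as an added example (not part of the original posts). The `FORWARD` chain and the destination addresses are assumptions: the chain presumes the filter runs on a gateway in front of the clients, and the addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: refuse blocked destinations actively instead of dropping them,
# so clients get an immediate error rather than waiting for a timeout.

CHAIN="${CHAIN:-FORWARD}"                         # assumption: gateway filtering client traffic
BLOCKED="${BLOCKED:-192.0.2.10 198.51.100.0/24}"  # constructed sample destinations

# Print the two rules for one destination.
# TCP is answered with a RST, which the client reports as "connection refused".
# --reject-with tcp-reset is only valid together with -p tcp, so all other
# protocols fall through to the second rule and get an ICMP error instead.
reject_rules() {
    dest="$1"
    printf '%s\n' "iptables -A $CHAIN -d $dest -p tcp -j REJECT --reject-with tcp-reset"
    printf '%s\n' "iptables -A $CHAIN -d $dest -j REJECT --reject-with icmp-port-unreachable"
}

# Print rules for every entry in BLOCKED, skipping anything that is not
# a plain IPv4 address or CIDR (digits, dots and a slash only).
build_ruleset() {
    for dest in $BLOCKED; do
        case "$dest" in
            *[!0-9./]*|'')
                echo "skipping invalid destination: $dest" >&2
                continue
                ;;
        esac
        reject_rules "$dest"
    done
}

# Dry run by default: only print the rules. Set APPLY=1 (as root) to load them.
if [ "${APPLY:-0}" = "1" ]; then
    build_ruleset | while IFS= read -r rule; do
        $rule
    done
else
    build_ruleset
fi
```
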