How to fail fast with iptables?

1 vote
2 answers
407 views
Inspired by the [Pi-hole](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) I set up my own one. What it does:

1. The Pi-hole is configured as a dedicated IP in my local net on a virtual adapter of the Raspberry Pi.
2. Get a list of known spam / phishing / ad server names.
3. Use dnsmasq as a local DNS to resolve these server names to a local IP (aka the Pi-hole).
4. On the Pi-hole, lighttpd serves empty HTML pages and pixel images instead of the phishing sites or ads.
5. All browsers in my net, on desktops / smartphones / tablets alike, get rid of unwanted content.

This approach has the benefit that it does not impact things like VirtualHosts on the same (original) target IP. It just blocks the hosts by name. The disadvantage is that it works only at home...

This setup works fine for 99% of the roughly 1.6 million sites, but some sites use https or different ports such as 8080 to serve their content. As the empty content is just served on port 80, these sites take forever until e.g. Firefox gives up.

To make it work for all sites and all the time, I would like to stop serving content to the requesting devices, get rid of lighttpd, and add some simple iptables rules so that the connection to the Pi-hole fails fast.

How can I tell the requesting party to give up fast? (Meaning, how should the rules for this special host look like?) Any suggestions for a good approach?
Asked by ViToni (121 rep)
Oct 24, 2015, 09:45 PM
Last activity: Jun 27, 2016, 02:17 PM
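The following is an added example, not part of the question or of either answer, showing one way to build the "fail fast" rule set the question asks for. It assumes the sinkhole address lives on the Pi itself (so traffic hits the `INPUT` chain, not `FORWARD`), and `SINKHOLE_IP` below is a constructed placeholder. The important choice is `REJECT` rather than `DROP`: a `DROP` makes the browser wait through its connect timeout, which is exactly the hang described above, while a `REJECT` with `tcp-reset` answers every SYN with a RST so `connect()` fails at once regardless of port (80, 443, 8080, ...). Port 53 is returned from the chain so dnsmasq stays reachable in case it also listens on the sinkhole address.

```shell
#!/bin/sh
# Added example (not from the original post or the Pi-hole project):
# emit or apply iptables rules that make every connection to the
# sinkhole address fail immediately instead of hanging.
# SINKHOLE_IP is a constructed placeholder; override it via the environment.

SINKHOLE_IP="${SINKHOLE_IP:-192.168.1.250}"

# Print the rule set for the sinkhole address, one command per line.
# Keeping it as a printable list lets you review it (dry run) or pipe it
# through sh as root to apply it.
sinkhole_rules() {
    ip="$1"
    chain="SINKHOLE"
    # Dedicated chain so the rules are easy to inspect and flush later.
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # Keep DNS reachable in case dnsmasq listens on the sinkhole address.
    echo "iptables -A $chain -p udp --dport 53 -j RETURN"
    echo "iptables -A $chain -p tcp --dport 53 -j RETURN"
    # TCP: answer the SYN with a RST -> client sees 'connection refused'
    # right away, on any port (80, 443, 8080, ...).
    echo "iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset"
    # UDP (e.g. QUIC on 443): ICMP port-unreachable has the same effect.
    echo "iptables -A $chain -p udp -j REJECT --reject-with icmp-port-unreachable"
    # Everything else: an explicit ICMP admin-prohibited, never a silent DROP.
    echo "iptables -A $chain -j REJECT --reject-with icmp-admin-prohibited"
    # Hook the chain in at the top of INPUT for traffic to the sinkhole only;
    # the Pi's own primary address is not affected.
    echo "iptables -I INPUT 1 -d $ip -j $chain"
}

# Count how many REJECT rules the set contains (handy for sanity checks).
sinkhole_reject_count() {
    sinkhole_rules "$1" | grep -c ' -j REJECT '
}

# Apply the rules; must run as root on the Pi.
apply_sinkhole_rules() {
    sinkhole_rules "$1" | sh
}

# Default behaviour is a dry run that prints the commands; pass --apply
# to install them (as root).
case "${1:-}" in
    --apply) apply_sinkhole_rules "$SINKHOLE_IP" ;;
    *)       sinkhole_rules "$SINKHOLE_IP" ;;
esac
```

With the rules in place a blocked `https://` or `:8080` request fails as fast as a plain port-80 one, because the refusal happens at the TCP handshake before any TLS or HTTP exchange starts. Run it without arguments first to review the commands, then `sudo sh sinkhole.sh --apply`; to undo, delete the `INPUT` jump and flush the `SINKHOLE` chain.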