How to block, deny or redirect an IP address or website domain
iptables is helpful if it is only a few ip / domain names.
With iptables you can restrict based on user, group, and/or time although to do so you need to use the OUTPUT table. So to allow root, and a group "web", use
# this allows root for things such as apt-get
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT
# this allows users of the group web
# create a group, web, and add users to it to allow access
sudo iptables -A OUTPUT -m owner --gid-owner web -j ACCEPT
# These two rules allow access to port 80 and 443 over the lunch hour
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -m time --timestart 12:00 --timestop 13:00 -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -j DROP
But as your needs grow more complex, it is helpful to use proxies. For example you can use privoxy (and others) for adblock. Squid adds in filtering and more complex rules (acl or access control lists), but is likely over kill for a home user.
You then make the proxy transparent with iptables
# This allows root
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT
# This allows privoxy, which serves as adblock
sudo iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner privoxy -j ACCEPT
# this blocks direct access to ports 80 to all other users
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP
# This allows squid to access privoxy (I think squid runs as "proxy")
#sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -m owner --uid-owner proxy -j ACCEPT
# this rule blocks other users from direct access to privoxy
sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -j DROP
# Redirect all outgoing traffic on port 80 to squid listening on port 3128
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 3128
Now you install and configure privoxy and squid
Ubuntu server guide squid
Ubuntu wiki privoxy
The problem with this method is you then need to install squidguard, configure squid, etc, which would be a long post and better suited to a larger LAN.
I found a better solution for you, moblock , it comes with a blacklist that is updated daily and a graphical configuration tool.
To install it run
sudo add-apt-repository ppa:jre-phoenix/ppa
sudo apt-get update
sudo apt-get install moblock blockcontrol mobloquer
Then run Mobloquer
For additional information see Moblock Home Page (sourceforge)