well if you really wanna do it with iptables you could simply create a reference in your iptables script to a text file containing the IP netblocks you wanna filter... or you could manually put them in your script... none of these methods will be very effective, though...
whether you use DROP or REJECT is really up to you, the site will be blocked either way... except of course with REJECT a reply will be sent to the host initiating the request...
you need to be very careful should you choose to do this filtering with iptables: the ad server netblocks will vary, and also there might be non-ad servers in a netblock you filter...
content filtering is the best way to block ads, IMHO... but you don't like proxies, and it seems like you like the idea of making your own blacklists, so maybe the /etc/hosts thing is the best option for you:
yes, you can do DNS blocking for the whole network using the /etc/hosts file on your gateway if you want... just use a daemon like dnsmasq which will look at /etc/hosts, then do the usual 127.0.0.1 (or whatever IP you want) routine... it's very easy...
hosts on the lan making a dns request to the dns daemon for an ad host will be fed 127.0.0.1 (or whatever) as the address, so it'll be like doing the /etc/hosts thing on every machine, except you only have to do it on one... this way has the benefit that you won't need to touch iptables and the ad sites will be blocked even if the IPs change...
good luck...
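
The gateway-side /etc/hosts approach described in the post above, as an added example that is not part of the original post: a shell function that turns a hand-made blacklist into validated hosts-format lines. The function names, the sample hostnames and the output path in the comments are assumptions; `addn-hosts` is dnsmasq's option for loading an extra hosts file.

```shell
#!/bin/sh
# Added example: turn a hand-made ad blacklist into hosts-format lines that
# dnsmasq on the gateway serves to every host on the LAN.

# build_blocklist [SINK_IP]   (hypothetical helper, IPv4 sink only)
# stdin:  one hostname per line, '#' comments allowed
# stdout: "SINK_IP hostname" lines, lowercased and deduplicated
# Only well-formed hostnames pass: a line such as "10.0.0.1 name" or a
# netblock is dropped instead of being copied into the hosts file, and the
# gateway's own loopback name is never sinkholed.
build_blocklist() {
    sink=${1:-127.0.0.1}
    case $sink in
        ''|*[!0-9.]*) echo "bad sink address: $sink" >&2; return 2 ;;
    esac
    tr -d '\r' |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr 'A-Z' 'a-z' |
        grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$' |
        grep -v -x 'localhost\.localdomain' |
        sort -u |
        awk -v sink="$sink" '{ print sink, $0 }'
}

# Constructed sample blacklist (not real ad servers).
sample_blacklist() {
    cat <<'EOF'
# my ad blacklist
ads.example.com
ADS.example.com        # duplicate, different case
tracker.example.net
10.0.0.1 intranet.example.org
192.0.2.0/24
localhost.localdomain
EOF
}

# Demo on the sample. On the gateway you would instead run something like
#   build_blocklist < my-blacklist.txt > /etc/hosts.ads      (assumed path)
# and load it with "addn-hosts=/etc/hosts.ads" in dnsmasq.conf, or append
# the output to /etc/hosts, then restart dnsmasq.
sample_blacklist | build_blocklist
```

LAN clients only see the blocked answers if they use the gateway's dnsmasq as their resolver.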