Block outgoing traffic whose payload contains a string (the hostname appears in clear text in the SNI field of the TLS ClientHello, so this stops the handshake before it completes)
sudo iptables -I OUTPUT -p tcp --dport 443 -m string --string "dujrsrsgsd3nh.cloudfront.net" --algo kmp -j DROP
Block replies from that host as well. Packets coming back from a remote HTTPS server have SOURCE port 443, so the inbound rule must use --sport, not --dport (a --dport 443 INPUT rule only matches clients talking to a local HTTPS server)
sudo iptables -I INPUT -p tcp --sport 443 -m string --string "dujrsrsgsd3nh.cloudfront.net" --algo kmp -j REJECT
Caveats: -m string is case-sensitive and only matches within a single packet, so a string split across segments is missed. It does not match DNS queries for the name, because DNS wire format replaces the dots with length bytes, and it does not see anything once TLS is encrypted. --algo kmp and --algo bm are the two available search algorithms.
List all rules in the filter table with line numbers (-n skips reverse DNS lookups, which can hang; -v shows counters and interfaces; other tables need -t nat, -t mangle, etc.)
sudo iptables -L -n -v --line-numbers
Delete a specific rule by chain and line number (line numbers shift after every deletion, so list again before deleting another one)
sudo iptables -D OUTPUT 1
Allow packets belonging to established connections and their related flows (-m state is a deprecated alias of -m conntrack; both work). -A appends to the end of the chain, so any earlier DROP rule still wins.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Allow connections from subnet 10.0.0.0/24 to a certain port (-I inserts at the top of the chain)
sudo iptables -I INPUT -p tcp -s 10.0.0.0/24 --dport 6556 -j ACCEPT
Change the INPUT chain default policy to drop all traffic that no rule accepts. Do this only after the ESTABLISHED,RELATED rule and an ACCEPT rule for your own SSH session are in place, otherwise the remote session is cut off immediately. -P is the short form of --policy.
sudo iptables --policy INPUT DROP
Change the OUTPUT chain default policy to allow all traffic. The target is ACCEPT; ALLOW is not a valid iptables target and the command is rejected.
sudo iptables --policy OUTPUT ACCEPT
The iptables command has two backends: iptables-nft (talks to the kernel's nf_tables API) and iptables-legacy (the original x_tables API). Rules loaded through one backend are not shown by the other one's -L, so mixing them hides rules. Check which one is in use with iptables -V, which prints "(nf_tables)" or "(legacy)" after the version; on Debian the alternatives system shows the same thing:
iptables -V
update-alternatives --get-selections | grep iptables
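The rules above are usually typed one at a time, which is exactly how a remote box gets locked out: the INPUT DROP policy lands before the ACCEPT rules that keep the SSH session alive. The script below is an added example, not part of the original notes; it builds the whole filter table as one iptables-restore file (chain policies, the loopback and conntrack rules, the admin-subnet rules and the string-match block from this page) and loads it atomically after a dry-run with iptables-restore --test. The subnet, ports, hostname and the "firewall.sh" name are illustrative. It also includes a small helper that maps the output of iptables -V to the backend name, so a script can refuse to run when the restore tool does not match the iptables binary in use.

```shell
#!/bin/sh
# Added example (not from the original notes): generate and atomically
# apply a minimal host firewall with iptables-restore.
# Assumed/illustrative values: admin subnet 10.0.0.0/24, SSH on 22,
# application port 6556, blocked hostname dujrsrsgsd3nh.cloudfront.net.

# gen_ruleset ADMIN_NET SSH_PORT APP_PORT BLOCKED_HOST
# Prints an iptables-restore file for the filter table. Policies come
# first, then rules in evaluation order. The string DROP rules sit
# before the ESTABLISHED accept on purpose: otherwise reply packets of
# an already-open flow would be accepted before the string match runs.
# Replies from a remote HTTPS server carry source port 443 (--sport).
gen_ruleset() {
    admin_net=$1; ssh_port=$2; app_port=$3; blocked=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --sport 443 -m string --string "$blocked" --algo kmp -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -s $admin_net --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s $admin_net --dport $app_port -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 443 -m string --string "$blocked" --algo kmp -j DROP
COMMIT
EOF
}

# backend_of VERSION_STRING
# Maps the output of `iptables -V` (e.g. "iptables v1.8.9 (nf_tables)")
# to nf_tables, legacy or unknown. iptables before 1.8 prints no suffix
# (it only had the x_tables backend), which is reported as unknown so
# the caller decides rather than the script guessing.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# apply_ruleset FILE
# Parse-only dry run first (--test builds the table without committing),
# then load it. iptables-restore replaces the whole filter table in one
# commit, so the DROP policy and the ACCEPT rules appear together.
apply_ruleset() {
    iptables-restore --test < "$1" || { echo "ruleset rejected, nothing changed" >&2; return 1; }
    iptables-restore < "$1"
}

# Usage: sh firewall.sh apply 10.0.0.0/24 22 6556 dujrsrsgsd3nh.cloudfront.net
if [ "${1:-}" = "apply" ]; then
    shift
    echo "iptables backend: $(backend_of "$(iptables -V 2>/dev/null)")"
    f=$(mktemp)
    gen_ruleset "$@" > "$f"
    apply_ruleset "$f"
    rm -f "$f"
fi
```

Keep a second shell open while applying, or wrap the apply in a timed revert (for example `sleep 60 && iptables-restore < backup.rules` run in the background, with the backup taken by iptables-save beforehand) so that a mistake in the admin subnet does not leave the box unreachable.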