iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
This rule is appended to the INPUT chain, so it applies to TCP traffic arriving at this host on port 443 (HTTPS, i.e. TLS). Instead of silently discarding the packets, REJECT with tcp-reset answers with a TCP RST, so the client sees the connection refused immediately. A plain DROP would leave the client retransmitting its SYN until it times out, which is where the slow-loading behaviour comes from; the reset turns that long wait into an immediate "closed" result. Note that INPUT only covers traffic destined for this host; it does not affect connections this host makes out to other servers.
iptables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
This is another INPUT chain rule, but for UDP. QUIC (the transport under HTTP/3) runs over UDP rather than TCP, so TCP-only rules do not touch it. This rule answers any UDP datagram sent to port 80 with an ICMP port-unreachable, which tells the sender that nothing is listening and makes it give up rather than wait for a timeout. On its own it does little against QUIC, though: HTTP/3 normally uses UDP port 443, not 80, and DNS over QUIC uses port 853, so this rule only covers the unusual case of a QUIC endpoint advertised on UDP/80. The UDP/443 rule below is the one that actually blocks QUIC.
iptables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
This one combines the two ideas: UDP port 443 is where HTTP/3 over QUIC normally lives, so rejecting it with an ICMP port-unreachable is what actually stops QUIC connections to this host. A browser that receives the unreachable typically gives up on QUIC and falls back to HTTPS over TCP; with the first rule in place that is rejected as well, so the host refuses HTTPS entirely. Two details worth knowing: icmp-port-unreachable is already the default reject type for iptables, so --reject-with can be omitted here, and these rules only cover IPv4. The same traffic over IPv6 needs matching ip6tables rules, with icmp6-port-unreachable as the UDP reject type.
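Putting the three rules together, as an added example that is not from the original page: a POSIX shell script that applies them idempotently and adds the IPv6 counterparts. iptables -C reports whether an identical rule already exists, so re-running the script does not stack duplicate rules. The DRY_RUN variable, the run and add_rule helpers, and the apply_reject_rules and count_rules functions are this example's own names, not iptables features; with DRY_RUN=1 the script prints the commands it would run instead of executing them, which also lets it be exercised without root.

```shell
#!/bin/sh
# Added example (not from the original page): apply the three REJECT rules
# for IPv4 and IPv6 without creating duplicates on repeated runs.
# DRY_RUN is an assumed environment variable for this script only.

# run: execute the command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# add_rule <iptables|ip6tables> <rule args...>
# Appends the rule to INPUT unless an identical one is already present
# (iptables -C returns 0 when the rule exists). The check is skipped in
# dry-run mode, where no iptables binary is required.
add_rule() {
    tool=$1
    shift
    if [ "${DRY_RUN:-0}" != "1" ] && "$tool" -C INPUT "$@" 2>/dev/null; then
        return 0
    fi
    run "$tool" -A INPUT "$@"
}

# apply_reject_rules: TCP/443 gets a RST, UDP/80 and UDP/443 get a
# port-unreachable. REJECT answers immediately, unlike DROP, so a client
# fails fast instead of retransmitting until it times out.
apply_reject_rules() {
    add_rule iptables -p tcp --dport 443 -j REJECT --reject-with tcp-reset
    add_rule iptables -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
    add_rule iptables -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
    # IPv6: tcp-reset keeps its name, the ICMP reject type changes.
    add_rule ip6tables -p tcp --dport 443 -j REJECT --reject-with tcp-reset
    add_rule ip6tables -p udp --dport 80 -j REJECT --reject-with icmp6-port-unreachable
    add_rule ip6tables -p udp --dport 443 -j REJECT --reject-with icmp6-port-unreachable
}

# count_rules: number of rule commands the script issues (dry-run count).
count_rules() {
    ( DRY_RUN=1; apply_reject_rules ) | wc -l | tr -d ' '
}

# Command-line entry: "apply" installs the rules (needs root),
# "preview" prints them without touching the firewall.
case "${1:-}" in
    apply)   apply_reject_rules ;;
    preview) DRY_RUN=1; apply_reject_rules ;;
esac
```

Run it as root with `sh reject-rules.sh apply`, or `sh reject-rules.sh preview` to see the exact iptables and ip6tables commands first. Because add_rule checks with -C before appending, the script can be re-run from a cron job or provisioning tool without the INPUT chain filling up with copies of the same rule.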