Here is one that I don't think I published before.
This uses "Source Based" routing rather than modify iptable rules.
In this example, all of the local wireless devices are assigned an IP address from within the 169.254.0.225/27 address block.
Change that entry as required to match your assignment practices.
Code:
# Put a full block on Chatty Kathy's attempts to call home:
/bin/ip rule add from 169.254.0.225/27 to 207.171.160.0/19 prohibit
/bin/ip rule add from 169.254.0.225/27 to 107.20.0.0/14 prohibit
/bin/ip rule add from 169.254.0.225/27 to 184.72.0.0/15 prohibit
/bin/ip rule add from 169.254.0.225/27 to 204.246.160.0/19 prohibit
/bin/ip rule add from 169.254.0.225/27 to 205.251.192.0/18 prohibit
/bin/ip rule add from 169.254.0.225/27 to 72.21.192.0/19 prohibit
/bin/ip rule add from 169.254.0.225/27 to 50.16.0.0/14 prohibit
/bin/ip rule add from 169.254.0.225/27 to 23.0.0.0/12 prohibit
The above is an old example, refer to my 'Exploring the Kpw' thread for the currently known address ranges to block.
The above routing rules are added to my gateway machine, I have not tried adding them to a Kindle - so am not sure if Source Based routing is supported by the Amazon Kindle kernel build.