This is why having a firewall installed is essential in every android phone. Afwall+ does the job. My phones are all rooted but if I'm not mistaken it works on non rooted phones as well.
Nope, it requires root, as it should, really. Anything that can mess with networking at a low level needs root; there's no Android permission that I know of that lets you get down to iptables level.
There do exist "noroot" Android firewalls; I am not sure how they work (I think by somehow becoming interfaces - like "noroot" packet sniffers), but very probably not through `iptables`.
There are products on GitHub; I am looking at NetGuard (from, I think, Marcel Bokhorst aka M66B - the project has many forks). The .md says, «The only way to build a no-root firewall on Android is to use the Android VPN service».