I am trying to write rules to drop any packet, irrespective if it is outgoing, incoming or being forwarded, which has a specific sub string in the TCP or UDP payload.
How am I suppose to do that?
You'd need a kernel compiled with Netfilter "String match support" enabled.
Then you can
iptables -A INPUT -m string --algo bm --string "test" -j DROP
iptables -A OUTPUT -m string --algo bm --string "test" -j DROP
iptables -A FORWARD -m string --algo bm --string "test" -j DROP
Check the result wth
iptables -L