LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 02-16-2012, 02:50 AM   #1
venkat_330
LQ Newbie
Registered: Jul 2011
Posts: 5
iptables with DNS for a specific website access


Dear all,
Just confused about setting IPTABLES for this configuration:

machine IP: 192.168.10.5

dns1 = 192.168.253.1
dns2 = 192.168.253.2

site: ss.com
port: 9000

The machine should be able to ping and make TCP connections to the site mentioned and to the DNS addresses; all other access should be closed.

How to do this?
 
Old 02-16-2012, 04:22 AM   #2
Noway2
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
Welcome to LQ security. You are correct in that iptables is an appropriate tool to perform this function. Interacting with iptables does have a bit of a learning curve because it is not the most intuitive of designs, but once learned it offers a great deal of power and flexibility. My recommendation would be for you to read a few iptables tutorials. Here is one that I personally like that is introductory in nature. I will try to answer your question specifically, but it is important for you to understand what is happening, which is why I recommend the above reading.

iptables works with different CHAINS (INPUT, OUTPUT, FORWARD). Think of these chains as the direction of data flow relative to your machine. You can write rules for each of these chains to allow or restrict the flow of information based upon a wide variety of criteria such as source or destination port or IP address, the TCP state, and the number of connection attempts. It is also important to have a basic understanding of how TCP/IP traffic works or you won't be able to write effective rules and instead will either lock yourself out or create rules that appear to have no effect. Let's look at an example: DNS. You want this machine to talk to DNS server(s). DNS is provided on port 53 and (predominantly) uses UDP. When you connect to a DNS server, your system generates OUTPUT traffic from a random port to the destination IP on port 53 using UDP. This would be a new connection. The return traffic is RELATED to your query and ultimately a connection will be ESTABLISHED. You can write rules to impact all aspects of this connection process.

To write rules to allow the connections you specify, you will need to write OUTPUT rules to permit connections to your DNS servers. You can choose to permit the entire IP address, or limit it to port and protocol. You will need to either allow INPUT traffic altogether or use a state rule to allow the return traffic while blocking other inbound connections. Note, unless the machine is running server processes, the inbound ports will be closed and blocking them with a firewall will provide little benefit (the exception being if something were inadvertently opened). Similarly, you will need to write rules to allow OUTPUT traffic to site ss.com, and you can specify the port you wish to allow connections to. Again, consider the return traffic. One other factor to consider is that while iptables will accept and resolve names, it is FAR better to use IP addresses. Consequently, do a lookup of ss.com and write the rule with the IP address instead.

Ping works a little differently. iptables can restrict or allow PING, but you need to write rules specifically for it. Ping uses ICMP, which is designated by TYPE (offhand I think ping uses types 3 and 8). A simple search for "iptables allow ping" will give you the results you need to implement it.

Lastly, you need to block everything else. It is important to realize that iptables rules work in a particular order from top to bottom. Once a rule match has been made, the rule is executed and the process stops. Therefore, the best approach to take is to write rules to ALLOW the desired traffic and then place a "block everything else" rule at the bottom. This is a far better approach than trying to allow everything while restricting certain actions.
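The following script is an added example (not posted by anyone in this thread) that puts the answer above into one default-deny ruleset for the configuration in the question: DNS only to 192.168.253.1 and 192.168.253.2, TCP to the site on port 9000, outgoing ping to those hosts, state tracking for the return traffic, and DROP policies at the bottom. The resolver addresses and the port come from the question; SITE_IP is a constructed placeholder (a TEST-NET-3 address) because ss.com has to be resolved to an address first. The reason the answer insists on IP addresses is worth making explicit: iptables resolves a hostname only once, when the rule is loaded, so a rule written with a name goes stale silently if the record changes. By default the script only prints the rules so they can be reviewed; `apply` pipes them into a shell and must be run as root from the console, since the DROP policies will cut a remote session.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny iptables ruleset for the
# scenario in the question. Resolver addresses and port 9000 come from the
# question; SITE_IP is a constructed placeholder, to be replaced with the
# resolved address of ss.com (iptables resolves names only at rule-load time).

DNS_SERVERS="192.168.253.1 192.168.253.2"
SITE_IP="${SITE_IP:-203.0.113.10}"   # placeholder (TEST-NET-3); set to the real address of ss.com
SITE_PORT=9000

# Print the rules rather than executing them, so the whole ruleset can be
# reviewed before it is applied as root.
gen_rules() {
    # Start from an empty filter table.
    echo "iptables -F"
    echo "iptables -X"
    # Default policies: anything not matched by an ACCEPT rule below is dropped.
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Loopback traffic is needed by local services.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Return traffic for connections this host initiated (DNS answers, TCP
    # replies, ICMP echo replies) arrives as ESTABLISHED or RELATED.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS queries to the two configured resolvers only (UDP, plus TCP for
    # large answers), and outgoing ping to them.
    for dns in $DNS_SERVERS; do
        echo "iptables -A OUTPUT -d $dns -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A OUTPUT -d $dns -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A OUTPUT -d $dns -p icmp --icmp-type echo-request -j ACCEPT"
    done
    # The one permitted site: new TCP connections to port 9000 and outgoing ping.
    echo "iptables -A OUTPUT -d $SITE_IP -p tcp --dport $SITE_PORT -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A OUTPUT -d $SITE_IP -p icmp --icmp-type echo-request -j ACCEPT"
    # Log (rate-limited) what falls through to the DROP policy, so a rule that
    # "appears to have no effect" shows up in the kernel log instead of failing silently.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'FW-INPUT-DROP: '"
    echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix 'FW-OUTPUT-DROP: '"
}

# Number of -A (append) rules in the generated set; a quick sanity check.
rule_count() {
    gen_rules | grep -c '^iptables -A '
}

# The rules that mention a given destination address.
rules_for() {
    gen_rules | grep -- "-d $1 "
}

case "${1:-}" in
    apply) gen_rules | sh -e ;;   # run as root from the console: DROP policies cut a remote session
    *)     gen_rules ;;           # default: print the ruleset for review
esac
```

Order matters in the same way the answer describes: the ACCEPT rules come first, the LOG rules catch what reached the bottom, and the chain policy does the actual dropping. Compare `iptables-save` output with the generated list after applying to confirm nothing else was already loaded.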