TeamViewer uses the UdpHole scheme or, if it fails to establish a connection in this way, it relays a TCP stream through its server (roughly speaking). In general, it doesn’t matter. anyway the teamviewer server(s) are used and the idea is to find the central node (subnet of nodes) of the teamviewer and block

It is even easier to register the TeamViewer zone on your DNS and prohibit clients from using other DNS servers

One trusted way! Disable permanently
sudo apt-get remove teamviewer

A banal rule in the firewall as a list parameter.
Add all known teamviewer servers to the list.

Well, I would run TeamViewer on the machine and monitor its activity. Then I would ban sites / servers that were accessed from this machine.
It is possible that TeamViewer can dodge - for example, use some kind of proxy.

I can share the list of TeamViewer servers. It's true for Mikrotik, you reformat it yourself so that it gets into ipset. There, you first need to ban the port, now I don’t remember which one, if TW sees this port, it works through it, if it doesn’t see it, it starts trying servers from the list.
But I would also connect administrative methods.

look for all ip addresses to which teamviewer connects (via google, via firewall). Then you do whois these ip addresses. If the ip address belongs to teamviewer, then you can block the whole CIDR, not just one ip.