That's really up to you. The .local value can be present in multiple attributes, so you need to decide which one to filter on. A simple solution is to populate one of the custom/extensionattributes for the users you want to filter and configure a rule as shown here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-conf...

Or you can create a more complex rule that directly checks the value of say the proxyaddresses attribute, following the instructions here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-chan...

In the Azure Sync rules editor create a new Inbound rule with the below settings. Users with the @fabri.local UPN will not be synced to Office 365. 

Connected system object type: user

Metaverse Object type: person

Link Type: join

Scope filter: userprinceplename , ENDSWITH, @fabri.local

Transformation: Constant, Cloudfiltered, True