Looks like they’re just taking the Facebook IP block and denying 443.
I tested it with 2 rules in the web GUI…
Dst. as 184.108.40.206/20 with TCP dst port 443
Dst. as 220.127.116.11/20 with TCP dst port 443
and a simple drop on both, put at the top of the firewall list
and successfully cannot log into Facebook, but can go to just facebook.com with just port 80
but then again, this may work for a while, until (or if) Facebook uses a different IP block…
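
The two rules described in the post above, modelled as an added example (not part of the original post): first-match evaluation of the two drop rules, plus a check for resolved addresses that fall outside both blocks, which is the failure mode the post ends on. The function names and the sample addresses are assumptions constructed for illustration; the two destination blocks are copied from the post as written.

```python
import ipaddress

# Rules as given in the post: destination block, TCP destination port, action.
# strict=False because the post writes the blocks with host bits set.
RULES = [
    (ipaddress.ip_network("184.108.40.206/20", strict=False), 443, "drop"),
    (ipaddress.ip_network("220.127.116.11/20", strict=False), 443, "drop"),
]

def verdict(dst_ip, dst_port, rules=RULES):
    """First-match evaluation; anything not matched falls through to accept."""
    addr = ipaddress.ip_address(dst_ip)
    for net, port, action in rules:
        if addr in net and dst_port == port:
            return action
    return "accept"

def uncovered(resolved_ips, rules=RULES):
    """Return resolved addresses that no rule's destination block contains."""
    nets = [net for net, _, _ in rules]
    return [ip for ip in resolved_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

# Constructed sample data: stand-ins for addresses a resolver returned.
SAMPLE_RESOLVED = ["184.108.40.10", "220.127.116.200", "203.0.113.5"]

if __name__ == "__main__":
    # Show the range each rule really matches once host bits are masked off.
    for net, port, action in RULES:
        print(f"{action} tcp/{port} -> {net} ({net.num_addresses} addresses)")
    # Port 443 is dropped inside the blocks, port 80 is not.
    for ip in SAMPLE_RESOLVED:
        print(ip, "443:", verdict(ip, 443), "| 80:", verdict(ip, 80))
    # Any address listed here would still be reachable on 443.
    print("not covered by any rule:", uncovered(SAMPLE_RESOLVED))
```

Feeding `uncovered()` the addresses the site's hostnames currently resolve to shows when the static blocks have gone stale.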