I know that this is an older post, but some time ago I found a simple way to block HTTPS sites without having to generate tons of rules for iptables.
Especially in the case of Facebook, which constantly changes IP addresses.
So, like this you do it once and you're done:
1. Under NETWORK click DNS.
2. Next to Domain click Create.
3. In the window, fill in the Domain Name, in this case facebook.com, leave the Master Server, insert the E-mail Contact (@ will be replaced by .), leave Forward and Submit.
4. If not already selected, choose facebook.com from the Domain select box.
5. Under Resources Commands click New and create an A pointer to any IP address you would like to open instead, or even a dead one.
6. Set Status to ACTIVE.
That’s it. If you need someone on your network to be able to open the site anyway, you can simply change his DNS to an external one.