Block Facebook via Layer 7
/ip firewall layer7-protocol
add name=Facebook regexp="^.+(facebook.com|fbcdn.net).*\$"
/ip firewall filter
add action=drop chain=forward layer7-protocol=Facebook
Block Facebook via Content
/ip firewall filter
add action=drop chain=forward content="facebook.com"
add action=drop chain=forward content="fbcdn.net"
add action=drop chain=forward content=".facebook."
add action=drop chain=forward content=".fbcdn."
Block Facebook via TLS
/ip firewall filter
add action=drop chain=forward protocol=tcp tls-host="facebook.com"
add action=drop chain=forward protocol=tcp tls-host="fbcdn.net"
add action=drop chain=forward protocol=tcp tls-host="*.facebook.*"
add action=drop chain=forward protocol=tcp tls-host="*.fbcdn.*"