Good Evening,
Your Firewall is very simple and only as 3 filtering categories.
Internet -> Router (Input)
Internet -> LAN (Forward)
LAN -> Internet (Forward)
----------------------------------------------------------------------
Step 1: L7-Filtering (identifying Servers)
The best way usually to implement the L7-Filtering is in LAN -> Internet
In your Case it should be rule #13 and #14. (Before "BLOCK FACEBOOK")
/ip firewall filter
add action=add-dst-to-address-list address-list=blogspot address-list-timeout=none-dynamic chain=forward comment="\"Identify blogspot Servers (blogspot)\"" connection-state=new out-interface-list=WAN protocol=tcp tls-host=*blogspot*
add action=add-dst-to-address-list address-list=blogspot address-list-timeout=none-dynamic chain=forward comment="\"Identify blogspot Servers (blogger)\"" connection-state=new out-interface-list=WAN protocol=tcp tls-host=*blogger*
----------------------------------------------------------------------
Step 2: Blocking Traffic from blogspot
You can Filter, aka Drop the blogspot Connection between "LAN -> Internet" or "Internet -> LAN" (or theoretically both)
Most people Block via the "Internet -> LAN" filtering.
If performance is an issus, you may want to look at blocking the Upload insteed ("LAN -> Internet")
Exemple : Block LAN -> WAN
/ip firewall filter
add action=drop chain=forward comment="Drop: Blogspot (LAN --> WAN) " connection-state=related,new dst-address-list=blogspot out-interface-list=WAN
Exemple : Block WAN -> LAN
/ip firewall filter
add action=drop chain=forward comment="Drop: Blogspot (WAN --> LAN) " connection-state=related,new in-interface-list=WAN src-address-list=blogspot
----------------------------------------------------------------------
Step 3: integrate Block-List
If and only if performance is an issus,
It may help to only have 1 address-List for Facebook, Blogspot , instagram, tik-tok and Co.
And only use 1 Firewall-Rule to Block unwanted Services insteed of 5+