For sites like "Facebook" that use HTTPS, the only way is to block their IPs (or at least ports 80 and 443 for those IPs), but keep in mind this means you're also blocking any site hosted on those same servers. So for example, if you wanted to allow SketchUp's site, and Google happens to share some of its IPs with SketchUp (since they own it after all...), you'd end up blocking SketchUp, even though you didn't want to.
Also, a lot of sites will sometimes change their IPs (e.g. add new servers), so you'll need to regularly check up on their DNS info too. I have this small utility written in PHP which does that, and puts the IPs for a domain name in an address list using the API protocol. You can use it to place all of those sites on the same address list (or place them in several, if you want to filter some of those websites under special conditions). Once you have that, you can just create two firewall rules that both match the address list - one to block port 80, and another one for port 443 (or a blanket one to block all ports, if you're North Korea).
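The refresh step described in this post, as an added example (it is not the PHP utility mentioned above, and it emits RouterOS CLI lines instead of speaking the API protocol). It also reports IPs that an allowed site shares with a blocked one. The function names, the `blocked-sites` list name, and the sample domains and addresses are assumptions constructed for illustration.

```python
import socket

# Constructed sample data: documentation-range IPs and made-up domains.
SAMPLE_DNS = {
    "social.example": {"192.0.2.10", "192.0.2.11"},
    "video.example": {"198.51.100.5"},
    "tools.example": {"192.0.2.11"},  # shares a server with social.example
}
SAMPLE_CURRENT = {"192.0.2.10", "203.0.113.9"}  # entries already on the router

def resolve_ipv4(domain):
    """Live lookup: the IPv4 addresses a domain resolves to right now."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def plan_sync(list_name, blocked, allowed, current, resolver=resolve_ipv4):
    """Return (commands, shared) for one refresh of the address list.

    commands: RouterOS CLI lines that bring the list in line with DNS.
    shared: IP -> allowed domains that also resolve to it (collateral blocks).
    """
    wanted, failed = {}, False
    for domain in blocked:
        ips = resolver(domain)
        failed = failed or not ips
        for ip in sorted(ips):
            wanted.setdefault(ip, domain)
    shared = {}
    for domain in allowed:
        for ip in sorted(resolver(domain) & set(wanted)):
            shared.setdefault(ip, []).append(domain)
    prefix = "/ip firewall address-list"
    commands = [f"{prefix} add list={list_name} address={ip} comment={wanted[ip]}"
                for ip in sorted(set(wanted) - current)]
    if not failed:  # a failed lookup must not purge entries that are still valid
        commands += [f"{prefix} remove [find list={list_name} address={ip}]"
                     for ip in sorted(current - set(wanted))]
    return commands, shared

if __name__ == "__main__":
    cmds, shared = plan_sync("blocked-sites", ["social.example", "video.example"],
                             ["tools.example"], SAMPLE_CURRENT,
                             resolver=lambda d: SAMPLE_DNS.get(d, set()))
    print("\n".join(cmds))
    print("also blocked:", shared)
```

Run it on a schedule with the default resolver and the router's current list contents, and review the `shared` result before applying the commands.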