These are the domains to harvest IP addresses for: .facebook.com, .fbcdn.net and .facebook.net.
Add your local source IP subnet to the rule below, then repeat it twice more using content=.fbcdn.net and content=.facebook.net.
/ip firewall filter add chain=forward action=add-dst-to-address-list src-address=YourLocalIpSubnet address-list="Facebook IPs" address-list-timeout=4d content=.facebook.com
Next, add the rule below. It blocks any IP on your local network that tries to connect to a Facebook IP address.
/ip firewall filter add chain=forward action=drop src-address=YourLocalIpSubnet dst-address-list="Facebook IPs" log=no log-prefix=""
Don’t forget to change YourLocalIpSubnet to the correct value that matches your local network.
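The whole procedure as one RouterOS script, added here as an example and not part of the original page. It assumes 192.168.88.0/24 as a constructed stand-in for YourLocalIpSubnet; the comment= labels and variable names are also added for illustration.

```routeros
# Added example. The outer braces keep the :local variables in scope when
# this is pasted into a terminal; it can also be saved under /system script.
{
    # Assumption: constructed sample value, replace with your own LAN subnet.
    :local lan 192.168.88.0/24
    :local listName "Facebook IPs"

    # One harvesting rule per domain. content= matches forwarded packets whose
    # payload contains the string; the packet's destination IP is then added
    # to the address list and expires after 4 days unless seen again.
    :foreach d in={".facebook.com";".fbcdn.net";".facebook.net"} do={
        /ip firewall filter add chain=forward action=add-dst-to-address-list \
            src-address=$lan address-list=$listName address-list-timeout=4d \
            content=$d comment=("harvest " . $d)
    }

    # Drop LAN traffic to any harvested address. "add" appends to the end of
    # the chain and rules are evaluated top to bottom, so move this rule above
    # any accept rule that would otherwise match the same traffic first.
    /ip firewall filter add chain=forward action=drop src-address=$lan \
        dst-address-list=$listName log=no comment="block Facebook IPs"

    # Checks: confirm rule order, then watch the list fill as clients browse.
    /ip firewall filter print where chain=forward
    /ip firewall address-list print where list=$listName
}
```

An empty address list right after setup is expected: entries appear only once a client on the subnet sends a packet containing one of the three domain strings.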