If you want to block all sites, you have to create a new service and specify TCP remote port 80. From the KB:
"Once the rule is created, highlight the New Rule. Go to Service column, right click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443 click ok and ok again. Then go to Action column and make it set to "Block"."
If you want to block only one site, create a rule for all services, and in the host specify "DNS host" like this: *.*facebook*.*
If you want to block all sites except some, you can create the rule to block all and, above this rule, make a new allow rule with the DNS host set to the URL you want to unblock.