This is not a solution i can filter out using dns but it miss usability as i can not put acl and user exception time based filter the issue is not with the facebook itself it is an example https website as other websites will be blocked based on department and time
Forget about HAproxy "stable" - it like dinosaur, use only devel version which is "stable and old too but not dinosaur". I hope with pfSense 2.5 it will update to 1.9 or 2.0
Can I ask for a little more info, are you setting up a pfsense box for filtering (something like squid)? I have a pfsense box setup behind a standard router and it works well, like you my router (I have used BT and Sky routers) have little to no filtering.