Create regexp with blocked url
/ip firewall layer7-protocol
add name=gvno regexp="^.*(odnoklassniki.ru|odkl.ru|ok.ru|vk.com|vkontakte.ru|vkontakte.com|durov.ru| fb.com|facebook.com).*\$"
Add firewall rule (should be higher than allow rules for forward chain)
/ip firewall filter add action=reject chain=forward layer7-protocol=gvno protocol=tcp reject-with= tcp reset

It is necessary not to ban by ip address, but by domain name, you also need to preventively write down all anonymizers that you can find in Google

squid transparent https
vk can block the entire data center, not a single IP.
although, in my mind, this is solved by administrative measures, because:
people will still have their personal smartphones, which vk is available via 3G.
You can watch videos not only on Youtube, anti-pirates are fighting video sites and cannot overcome, but do you think you can?
maybe it’s worth the opposite:
leave only what is needed for work? close everything else?