http://whois.domaintools.com/184.108.40.206 (Universal Communications, Reallocated to Detel Wireless, LLC) This doesn't look Facebook to me.
http://whois.domaintools.com/220.127.116.11 (this is directly assigned to Facebook, Inc CIDR range confirmed of 18.104.22.168/20) Translate this range in decimal form to 22.214.171.124 - 126.96.36.199
Which means the third block you've placed (188.8.131.52/32), with a /32 mask is not only never going to matter because it's matching a singular invalid IP, but it's also apart of the greater range you've already blocked. Rule, is redundant and incorrect.
The fourth rule is also false, however it is indeed a range registered to Facebook, Inc. The CIDR is 184.108.40.206/20, this encompasses 220.127.116.11-18.104.22.168. Your rule is invalid and in need of correction.
Yet another CIDR block registered to Facebook, inc. The CIDR you've used is invalid, the registered range is 22.214.171.124/19, decimal range 126.96.36.199 - 188.8.131.52. Your rule is close, but blocking things that may not be Facebook related.
Don't go throwing stuff into the firewall without doing the proper homework. Otherwise you're simply signing up for an unhappy customer when you break random things online.
- Make the Switch