That doesn't make any sense. You can block outbound just fine by having your block rules followed by a default allow. You don't need anything to be stateful when you are blocking whole IP addresses.
Nothing prevents you from having explicit deny rules followed by explicit allow rules followed by default deny.
And if you're already doing outbound whitelisting (which is generally much more trouble than it's worth) then unless you put Facebook on the whitelist you don't need to do anything anyway.
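The rule orderings described in this comment, shown as an added example that is not part of the original post: a first-match evaluator that decides on destination address alone, with no connection state. The address ranges are constructed (RFC 5737 documentation blocks standing in for the blocked service), and the function and variable names are hypothetical.

```python
import ipaddress

def evaluate(rules, default, dst):
    """First-match, stateless filter: the verdict depends only on the
    destination address and the order of the rules."""
    addr = ipaddress.ip_address(dst)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return default

# Constructed sample ranges, not real service addresses.
BLOCKED_SERVICE = ["203.0.113.0/24", "198.51.100.0/25"]

# Ordering 1: block rules followed by a default allow.
BLOCKLIST = [("deny", cidr) for cidr in BLOCKED_SERVICE]

# Ordering 2: explicit deny, then explicit allow, then default deny.
# The deny carves a hole out of the wider allow because it matches first.
LAYERED = [
    ("deny", "198.51.100.0/25"),
    ("allow", "198.51.100.0/24"),
    ("allow", "192.0.2.0/24"),
]

# Ordering 3: outbound whitelist only. The blocked service is simply
# absent from the list, so no deny rule is needed for it.
WHITELIST = [("allow", "192.0.2.0/24")]

def verdicts(rules, default, destinations):
    """Evaluate several destinations against one policy."""
    return {dst: evaluate(rules, default, dst) for dst in destinations}

if __name__ == "__main__":
    sample = ["203.0.113.7", "198.51.100.10", "198.51.100.200", "192.0.2.5"]
    for name, rules, default in [
        ("blocklist + default allow", BLOCKLIST, "allow"),
        ("deny, allow, default deny", LAYERED, "deny"),
        ("whitelist + default deny", WHITELIST, "deny"),
    ]:
        print(name, verdicts(rules, default, sample))
```
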