Thanks for the comments, everyone. I'm taking a closer look at what OpenWRT can do, in the way of actual firewalling. It doesn't have an inbuilt "Parental controls" feature, per se, but I can can time-restrict access to the internet at large, based on the MAC addresses of each device that the kids can access. This obscure functionality is hidden way, way deep... in "Network" -> "Firewall" -> "Traffic Rules" -> "Add" button -> "Advanced Settings" -> "Source MAC address" -> then under the "Time Restrictions" tab, set up the desired Start and Stop times (of restriction) -> "Save" button -> "Save & Apply" button.
Maybe astute parents could have a little family meeting with the kids, and say to them upfront, something like this:
"Ok little Susie and Billy, you are spending too much time on Facebook. It's time for a family intervention to try to bring some moderation to your usage, to teach you how to bring balance to your online lives. The first thing we parents are going to do is just block Facebook from 7:30pm to 9pm every night (as in, using the Pihole-related cron jobs just above). If you get clever, and hand-edit your network settings, to circumvent these blockages, don't think we parents won't notice that! We parents can see whether your devices are using DHCP leases or not in the OpenWRT router (look in OpenWRT's "Status" -> "Overview" -> "Active DHCP leases" section, as well as "Associated Stations" section below that, to find wifi-connected devices which might have an IP, but NOT a DHCP lease to go with it. That's Susie and Billy circumventing the Pihole Adlist for Facebook. Furthermore, turn down the lease time to be short: like 1 hour. That's set in OpenWRT in "Network" -> "Interfaces" -> "Edit" button for the LAN interface -> "DHCP server" tab -> "General Setup" sub-tab -> "Lease Time:", set to 1h -> "Save" button -> "Save & Apply" button)
You must use the DHCP leases, Susie and Billy. If you don't, once we catch you, we parents will turn up the "dial of atonement" another notch. We'll create timed firewall rules (as above with the "Time Restrictions", based on MAC address) to block all your internet access from 7:30pm to 9pm - not just Facebook.
The more we catch you squirming in various ways to get around these measures, we'll just keep turning up the "dial of atonement" even more, as we catch you. We can make the "Time Restrictions" even larger, or, if we need to get heavy, even (gasp) turn off the wifi altogether (in OpenWRT, "Network" -> "Wireless" -> "Disable" button, "Save & Apply" button), thereby allowing wired devices only (force the kids to use a wired laptop right beside Daddy's desk, where he can easily shoulder-surf them), etc."
I think it can be made into a game of sorts, where the parents engage in these kinds of tit-for-tat measures to bring on increasing restrictions on the kids, if necessary. Then the kids are governed to stay within reasonable behavior, over the long run. Naturally, the kids see what they can get away with, then the parents catch them, and pare back their usage by cramping their style.
Edit: I cross-linked to this post over on the OpenWRT Discourse here.