Check out CrowdSec. It's a more up-to-date version of fail2ban. Bit easier to manage too. SNORT does tend to suck resources (it's really aimed at corporations for IDS and needs a big router and memory once you start loading up rules).
There's also an opkg package for CrowdSec too. CrowdSec packages for OpenWrt