Yes, exactly, and setting up the nft tables correspondingly. Here's a very rough draft of my current thinking.
```
# cat /etc/config/snort
config snort 'snort'
	option enabled '1'
	option config_dir '/etc/snort/'
	option mode 'ips' # or 'ids', maybe better names 'detectonly' and 'prevent'?
	option mode_action 'block' # 'alert', 'reject', don't know what makes sense yet
	option method 'nfq' # or 'afpacket' or ???
	option nfq_queue_count '4'
	# option ... maybe put max queue length and snaplen in here, too.
```
Once I get it (a lot) more mature, I'll get with @darksky as I believe John is the current maintainer of the OpenWrt snort package, and see if we can make this whole thing a lot easier to deploy. It's pretty wild right now; I've got a lot of questions yet about how various things behave.
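
As an added illustration (not part of the post above and not the OpenWrt snort package's code), here is one way the draft's `mode`, `method` and `nfq_queue_count` options could be turned into an nftables queue rule. The table name `snort`, the forward hook, queue numbering from 0, the `fail_open` switch and the nftables 1.0+ `queue flags ... to` syntax are all assumptions.

```shell
#!/bin/sh
# Added example: render an nft ruleset from the draft UCI options.
# Assumptions (not from the post): table "snort", forward hook, queues
# numbered from 0, and that only mode 'ips' + method 'nfq' needs a rule.

# render_nft MODE METHOD QUEUE_COUNT [FAIL_OPEN]
render_nft() {
    mode=$1 method=$2 count=$3 fail_open=${4:-1}

    case $mode in
        ips) ;;
        ids) return 0 ;;   # detect-only: nothing is diverted to a queue
        *)   echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Other capture methods (e.g. afpacket) do not use NFQUEUE.
    [ "$method" = nfq ] || return 0

    # Reject empty, non-numeric or zero queue counts.
    case $count in
        ''|*[!0-9]*) echo "bad queue count: $count" >&2; return 1 ;;
    esac
    [ "$count" -ge 1 ] || { echo "bad queue count: $count" >&2; return 1; }

    # One queue is "to 0"; several are a range that nft balances per flow.
    if [ "$count" -eq 1 ]; then range=0; else range="0-$((count - 1))"; fi

    # 'bypass' accepts packets when no program is bound to the queue
    # (fail open). Without it the kernel drops them (fail closed).
    if [ "$fail_open" = 1 ]; then flags="flags bypass "; else flags=""; fi

    printf 'table inet snort {\n'
    printf '    chain forward {\n'
    printf '        type filter hook forward priority filter; policy accept;\n'
    printf '        counter queue %sto %s\n' "$flags" "$range"
    printf '    }\n'
    printf '}\n'
}

# Draft values from the config above: ips / nfq / 4 queues.
render_nft ips nfq 4
```

The output can be checked with `nft -c -f -` before loading it; whether to fail open or closed when snort is not running is the decision the `bypass` flag encodes.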