I think CrowdSec is more of a supplement to Snort than a replacement. Snort or Suricata or whatever generate the log entries that CrowdSec uses as input. Since almost nothing writes logs on standard OpenWrt, I can't see CrowdSec by itself doing much.