There are many iptables scripts out there, but in my opinion nothing fits a box better than your own script, so I guess you should have a look at http://www.netfilter.org
Snort is great software, so yes, install it.
Keep an eye on the integrity of the FS. If you don't need great features, though, you could use Integrit for this (not sure if there's a Slack package). It's easy to use and it just does what you need.
Once you're done with the iptables script, you might even try to do a check with Nessus. Not always so useful, but it can save your ass.
If you need a hand with iptables, well, I guess you're in the right place.
* * *
EDIT: for logging, I suggest syslog-ng. It allows you more control over where to write what.