I was able to implement this a couple years ago; you could use a cron script to dump queued commands from MySQL but these methods will work on-the-fly.
You can do this two ways; the graceful and ideologically correct way is to manipulate the ClearOS API. I have no idea what changes have been made since 5.x but I would go out on a limb and say that this is all still possible with the 6.x API:
Remote Controlled Netfilter with ClearOS API
The brute force way may be much less secure but allows you to manipulate iptables directly:
Remote Controlled Netfilter with httpd, iptables and sudo
The other option - and this is my favourite - add a URI based rule to snort and redirect banned users to an address which triggers it.