Queues and firewall rules consume most CPU. Also any netwatch and scheduler scripts you may have might consume a lot of CPU if they're executed very frequently (like, less than 1m), even if they're otherwise very simple and efficient.
I can't think of anything other than MetaRouter that would consume any significant RAM, which is probably why most RouterBOARD devices don't have too much on them.
The exact CPU load you'll experience depends not only on the amount of rules, but also the amount of devices actively using the network. A single firewall rule will be a negligible penalty for hundreds, if not thousands of clients, but a dozen or so will gradually start to lower the number of active devices that can be served before the CPU starts peaking.
(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)