Transparent bridge firewall

[demian]

Hey everyone.

I administer a LAN at a department at my university and soon we're gonna switch from private to public IP space. Now as you will know university sites are more often than not rather badly administered and as such an easy target for crackers of any kind. Our LAN is rather exposed and we get script kiddie attacks on a weekly and serious break in attempts on a monthly basis. So I'm not at all comfortable with the idea of moving ~150 workstations to public IPs but, of course, I'm not in charge of making decisions like this.

What I want to do is set up a transparent bridge firewall that all traffic passes through and filter the traffic on the link layer. This way the firewall itself will remain invisible because it doesn't even get an IP address. I've done some research on this but it seems documentation is rather sparse. So I'm asking if anybody has information, links, howtos,... or better yet first-hand experience with setting up a bridge firewall. All I found so far is the docs linked at bridge.sf.net and ebtables.sf.net and a few mailing list postings from a couple of years back.

I'm grateful for any piece of information on this subject.

TIA,
demian

[Schotty]

Here is some stuff on OpenBSD here

[demian]

Thanks for that link. Turns out that once I got started to actually set this up on a test network it isn't so frightening as I initially thought. Anyone thinks there's demand for a bridgewall PET?

[Schotty]

[quote author=demian link=board=4;threadid=7995;start=0#msg73185 date=1067428327]
Thanks for that link. Turns out that once I got started to actually set this up on a test network it isn't so frightening as I initially thought. Anyone thinks there's demand for a bridgewall PET?
[/quote]

Sure why not?