I administer a LAN at a department at my university and soon we're gonna switch from private to public IP space. Now, as you will know, university sites are more often than not rather badly administered and as such an easy target for crackers of any kind. Our LAN is rather exposed and we get script kiddie attacks on a weekly and serious break-in attempts on a monthly basis. So I'm not at all comfortable with the idea of moving ~150 workstations to public IPs but, of course, I'm not in charge of making decisions like this.
What I want to do is set up a transparent bridge firewall that all traffic passes through and filter the traffic on the link layer. This way the firewall itself will remain invisible because it doesn't even get an IP address. I've done some research on this but it seems documentation is rather sparse. So I'm asking if anybody has information, links, howtos, ... or, better yet, first-hand experience with setting up a bridge firewall. All I found so far is the docs linked at bridge.sf.net and ebtables.sf.net and a few mailing list postings from a couple of years back.
I'm grateful for any piece of information on this subject.