Bridging, once the realm of hardware devices, can also be performed by a linux machine. Along with bridging comes the capability of filtering and transforming frames (or even higher layer protocols) via hooks at the Ethernet layer with the ebtables and iptables commands. Linux can function as a bridge, the equivalent of an extremely power-thirsty switch. For now, the best place to go is the main linux bridging site. Often ebtables and bridging are used together.

There is a Bridge and Netfilter HOWTO which illustrates the use of a bridge as a firewall.

Yes, Virginia, it can be done.

In order to take advantage of ebtables the machine needs to be running as a bridge. (Accurate, nicht wahr?) If you believe in really scary stuff, you can run the bridging code with netfilter, so you can manipulate IP packets transparently on your bridge. For more on this, see the documentation of bridging and firewalling. The firewall and bridge architecture is part of the development branch of the kernel 2.5 series.