I am attempting to set up a semi-transparent bridge. I say semi because I want it to act as a transparent tap for all traffic moving through both sides of the bridge. What I also want is to have the "green zone" accessible to a web interface for the bridge that will display all results of the IDS and other network monitoring tools. My example would be as such:

eth0 <--> bridge(br0) <--> eth1

The entire network would be on the same subset however anything coming from eth0 to eth1 would be accepted. The only time anything would be drop is if the eth0 attempted to access br0. If someone attempts to access the web interface on br0 through eth1 it will succeed. My biggest problem I feel is if I attempt to block anything from eth0 to br0 this will drop the bridge all together.