Hello MT wiz..
I would like to firewall 3 segments of a network. My question will be what is the best way to do it and how?
The network is a fully public IP network (not 10., not 192.168).
Usable IP range is 2 - 126, but we are on a /24 subnet (if I catch who the heck designed this network I will … him).
ether1 123.123.123.2/24 internet gateway(123.123.123.1)
ether2 123.123.123.5/24 management
ether3 123.123.123.25/24 agent network
ether4 123.123.123.100/24 servers
I would like to point out that all 3 segments of the network are on the same subnet, 123.123.123.0/24. The reason is we actually have half a class C IP block, and it is a bridged connection to us from the ISP.
OK, here is what I need:
To protect the local side we need to firewall the internet side.
There are mail servers and web servers that are public.
No one from the internet can access anything inside except some ports (80, 25, 110) on the server segment.
The agent network can access servers and internet, and not the management side.
Management can access anything.
Using smaller subnets is not an option (we do not have enough IPs).
How do I firewall bridges?
Sorry, no NAT option either; the applications require real public IPs.
Currently all the firewalling is managed by software firewalls and this is causing problems.
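
One way the policy listed in the post above could be written for a RouterOS bridge, as an added example that is not part of the original post. Because every segment sits in the same /24, the rules match on the bridge port a packet enters and leaves by, not on addresses. The bridge name `bridge1`, the mapping of ether1-ether4 to bridge ports, TCP for ports 25/80/110, and CPU-processed (non-offloaded) bridging are assumptions.

```routeros
# Added example, not from the original post.
# Assumptions: the four ports are bridged as "bridge1" (hypothetical name),
# bridged traffic is handled by the CPU (no hardware offload on these ports),
# and ports 25, 80 and 110 are TCP (SMTP, HTTP, POP3).

/interface bridge
add name=bridge1

/interface bridge port
add bridge=bridge1 interface=ether1 comment="internet"
add bridge=bridge1 interface=ether2 comment="management"
add bridge=bridge1 interface=ether3 comment="agent network"
add bridge=bridge1 interface=ether4 comment="servers"

# Send bridged IP traffic through /ip firewall so stateful rules apply to it.
/interface bridge settings
set use-ip-firewall=yes

/ip firewall filter
# Replies belonging to connections that a rule below already allowed.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop

# Management (ether2) can access anything.
add chain=forward in-bridge-port=ether2 action=accept

# Agents (ether3): servers and internet, but not the management side.
add chain=forward in-bridge-port=ether3 out-bridge-port=ether2 action=drop
add chain=forward in-bridge-port=ether3 action=accept

# Internet (ether1): only ports 25, 80 and 110, and only towards the servers.
add chain=forward in-bridge-port=ether1 out-bridge-port=ether4 protocol=tcp \
    dst-port=25,80,110 action=accept
add chain=forward in-bridge-port=ether1 action=drop

# Connections opened from the server segment (ether4) are not covered by the
# post. No rule is added for them here, so they fall through to the default
# accept, including towards management; add rules once that policy is decided.
```

Rule order matters: the established/related accept must stay first so that replies from the servers and from the internet are not caught by the per-port drops.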