If it's just one.
I am just a beginner, so hopefully others will freak out and provide the right advice.
1. create bridges
a. public_bridge - create a new LAN network 192.168.2.1 etc. (will need to configure IP Pool, then IP Address, then DHCP server...)
b. cafe_bridge (use existing default network of 192.168.88.1 etc.)
assign ether1 (to ISP, assuming) and let's say a five-port hEX router.
ether2 to 4 to cafe_bridge
ether5 to public_bridge
Ensure Forward Rules are set up such that the last forward rule is DROP ALL.
default fasttrack rule accept
allow established, connected
allow LAN to WAN (for cafe bridge)
allow LAN to WAN (for public bridge)
drop all log only (log prefix - DROPPED TRAFFIC)
IP route by default should be good to go.
Assuming no port forwarding required.
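
The layout described in the post above, written out as RouterOS commands. This is an added example, not part of the original post. Assumptions: the router still has its default bridge named `bridge` holding ether2-ether5 with 192.168.88.1/24, the default masquerade NAT rule for ether1 is in place, and the forward chain is being built from empty. The /24 mask, the pool range and the names `public_pool` and `public_dhcp` are constructed for illustration.

```routeros
# Assumption: default bridge "bridge" carries 192.168.88.1/24 and its DHCP server.
# Renaming it keeps the existing cafe network as-is.
/interface bridge
set [find name=bridge] name=cafe_bridge
add name=public_bridge

# ether2-ether4 stay on cafe_bridge; move ether5 to the public bridge.
/interface bridge port
set [find interface=ether5] bridge=public_bridge

# Public LAN: pool, then address, then DHCP server (order from the post).
# Constructed values: /24 mask and the pool range.
/ip pool
add name=public_pool ranges=192.168.2.10-192.168.2.254
/ip address
add address=192.168.2.1/24 interface=public_bridge
/ip dhcp-server
add name=public_dhcp interface=public_bridge address-pool=public_pool disabled=no
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1

# Forward chain, evaluated top to bottom. Assumption: chain starts empty.
/ip firewall filter
add chain=forward action=fasttrack-connection \
    connection-state=established,related comment="fasttrack"
add chain=forward action=accept \
    connection-state=established,related comment="return traffic"
add chain=forward action=accept in-interface=cafe_bridge \
    out-interface=ether1 comment="cafe LAN to WAN"
add chain=forward action=accept in-interface=public_bridge \
    out-interface=ether1 comment="public LAN to WAN"
# Nothing above accepts new connections between the two bridges,
# so this rule drops and logs them along with everything else.
add chain=forward action=drop log=yes log-prefix="DROPPED TRAFFIC" \
    comment="drop all else"
```

These rules cover forwarded traffic only; access from either bridge to the router itself is decided by the input chain, which this example does not touch.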