i understand your motivation. have you ever considered having the cpe doing the pppoe connections?
for about a nanosecond and then I rememebrd why we didn't do it that way to begin with... the customer gets a public IP on their router or firewall... if I did the PPPoE on the CPE, then the customer would be NAT'd with a private IP, and then unable to manage their connection (port forwarding, firewall rules, etc) themselves.
bridge filters are a work around, and yes, I already use them, but it's an extra step that can be messed up or forgotten by the installer, we can't fully use them tower side because then we cant't get into the CPE (it gets a private IP from DHCP on the tower which we use to connect to it for updates and troubleshooting)
the reality is that a full bridge is not the best solution in this case, a more restrictive less capable, and simpler system is actually better. WDS is wasting CPU overhead and is functionalaty overkill.
I've always felt the KISS (Keep It Simple Stupid) principle is a smart thing to follow. Using WDS with bridge filters for PPPoE traffic seems like the Rube Goldberg way of doing things. if you don't know who that is...
Inspired by cartoonist Rube Goldberg, college students nationwide compete to design a machine that uses the most complex process to complete a simple task - put a stamp on an envelope, screw in a light bulb, make a cup of coffee - in 20 or more steps.