xtables (ip, ip6), ebtables
Joshua Snyder (<josh_at_imagestream.com>) made a detailed picture about the IP packet flow on a Linux bridging firewall.
howto install PSAD to block DDOS attacks (distributed denial of service) and port scan on a webserver.