RE: setup for a public /24 network

> interface itself? Perhaps that's the wrong approach.
> Do I need WAN/LAN bridging? Something else?

Start subnetting, create a /29 for the external untrusted interface(s) +
vips. 

Take the remainder and salt and pepper amongst dmz interfaces as required. 

If you're going to use vlans, do not mix zones of trust on the same switch. 



Greg