What you are asking for is a bridging firewall. It is possible to do this in Linux; I do it for our network. But it's not straightforward, and I don't know of any off-the-shelf free solution (or I'd be using it).
The basic steps are that you first need to enable bridging support in the kernel - this is normally already done these days. Then you create a bridge interface and add network interfaces to it. Then you set up the iptables rules for the network and the firewall itself.
I use custom scripts to start up the bridge, and fwbuilder to create the iptables rules. I also use fwbuilder to create the "personal" firewall rules for each server behind the firewall. It's quite a nice tool, but it does have a few foibles to watch out for. It supports both address and port ranges.
Monitoring can be done by any available Linux tool.
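
The steps described in the answer above (create the bridge, attach the interfaces, then filter both bridged traffic and traffic to the firewall host), as an added example that is not the poster's own script or fwbuilder output. The names `br0`, `eth0` (outside) and `eth1` (inside), the `192.0.2.x` address range and the port list are assumptions constructed for illustration; the script prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: transparent (bridging) firewall, dry-run by default.
# Assumed names: br0, eth0 = outside segment, eth1 = inside segment.
BR=br0 WAN=eth0 LAN=eth1
APPLY=${APPLY:-0}   # APPLY=1 (as root) executes instead of printing

run() {
    if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

bridge_up() {
    run ip link add name "$BR" type bridge
    for ifc in "$WAN" "$LAN"; do
        run ip link set dev "$ifc" master "$BR"
        run ip link set dev "$ifc" up
    done
    run ip link set dev "$BR" up
    # Without br_netfilter, bridged frames bypass iptables entirely.
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

firewall_rules() {
    # Bridged traffic is filtered in FORWARD; physdev matches the bridge port.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$WAN" -j ACCEPT
    # Constructed sample policy: address range and port range from outside.
    run iptables -A FORWARD -m physdev --physdev-in "$WAN" --physdev-out "$LAN" \
        -p tcp -m iprange --dst-range 192.0.2.10-192.0.2.20 \
        -m multiport --dports 80,443,8000:8080 -j ACCEPT
    # The firewall host itself is protected by INPUT, not FORWARD.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Default-deny policies go last so accept rules exist before they bite.
    run iptables -P FORWARD DROP
    run iptables -P INPUT DROP
}

bridge_fw() {
    bridge_up
    firewall_rules
}

bridge_fw
```

iptables only sees IPv4 here; ARP and IPv6 crossing the bridge need their own handling (for example ebtables and ip6tables).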