Suggestion Box: vLAN and Firewall Sources
I have a variety of Linode servers and I would like them to communicate via private LAN, but I do not want the whole Linode private LAN in the data center to be able to access these interfaces. There are a variety of ways to accomplish this but perhaps a simple way is to use Linode Firewalls.
For servers that I do not want to directly expose anything but internal/private IP addresses on, I can set the Firewall to default to block all. To expose a service I can allow access to a server in this group by adding a firewall ALLOW rule. To open the private IPs to my other servers that need to access services (e.g. a Mail server) I can manually create a firewall rule to ALLOW traffic from SOURCES by listing the private IP addresses for each.
Maybe the forthcoming vLANs will solve this more elegantly?
Until then, consider creating a default firewall rule which allows customers to ALLOW any local private IP address owned by the customer to be filtered. Maybe the default for all accounts should be that private IP access is limited to private IPs owned by this account? It would help protect everyone, and it can be disabled if desired.
Maybe the options in "Firewalls::Sources" could be:
- Allow All Local IPs (current default in a Linode data center)
Creeping down an ACL rabbit hole now:
- Allow my local IPs only (dynamically assigned, or the iptables list is re-built on Linode deletion/creation in the Firewall)
- Allow … and list each Linode the user owns for selection.
As a last suggestion, to obviate the need for a separate HAProxy server and to retain Linode Firewalls' scalability/redundancy, might it be possible to apply Firewall Rules to Load Balancers as well?
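The "allow my local IPs only" idea above (default-deny on the private address, allow-list rebuilt from the Linodes the account owns) can be done today on the host itself. The following is an added example, not code from the original post or from Linode: it keeps a constructed inventory of owned Linodes and their private IPs, validates that each sits inside 192.168.128.0/17 (assumed here to be the Linode private range; check your data center's documentation), and renders an nftables ruleset for one host that accepts private-side traffic only from those peers on the ports that host exposes, dropping everything else aimed at its private address. The inventory, hostnames, ports and the `linode_private` table name are all assumptions; re-running `build_ruleset` after a Linode is created or deleted regenerates the allow-list.

```python
# Added example: rebuild a default-deny private-side nftables ruleset
# from an inventory of the Linodes this account owns.
import ipaddress
from typing import Dict, List

# Assumed Linode private address range (verify against your data center docs).
LINODE_PRIVATE = ipaddress.ip_network("192.168.128.0/17")

# Constructed sample inventory: label -> private IPv4 of each owned Linode.
OWNED_LINODES: Dict[str, str] = {
    "web-1": "192.168.129.10",
    "web-2": "192.168.129.11",
    "mail-1": "192.168.130.20",
}

# Constructed: TCP ports each host exposes on its private address to the other owned Linodes.
PRIVATE_SERVICES: Dict[str, List[int]] = {"mail-1": [25, 587]}


def validate_private(ip: str) -> ipaddress.IPv4Address:
    """Reject any entry that is not an IPv4 address inside the expected private range."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or addr not in LINODE_PRIVATE:
        raise ValueError(f"{ip} is not inside the private range {LINODE_PRIVATE}")
    return addr


def allowed_sources(host: str, inventory: Dict[str, str]) -> List[str]:
    """Private IPs of every owned Linode except the host itself, sorted for stable output."""
    own = validate_private(inventory[host])
    peers = {validate_private(ip) for label, ip in inventory.items() if label != host}
    peers.discard(own)
    return [str(a) for a in sorted(peers)]


def is_source_allowed(host: str, inventory: Dict[str, str], src: str) -> bool:
    """True only if src is the private IP of another Linode in the inventory."""
    return src in allowed_sources(host, inventory)


def build_ruleset(host: str, inventory: Dict[str, str],
                  services: Dict[str, List[int]], table: str = "linode_private") -> str:
    """Render an nftables ruleset scoped to the host's private address.

    Linode private IPs share the same interface as the public IP, so the rules
    match on destination address rather than interface name; the chain policy
    stays 'accept' so traffic to the public address is left to other rules.
    """
    own = validate_private(inventory[host])
    ports = services.get(host, [])
    peers = allowed_sources(host, inventory)
    lines = [f"table inet {table} {{"]
    if peers and ports:
        # nft rejects an empty set, so only emit it when there is something to allow.
        lines += [
            "    set owned_private {",
            "        type ipv4_addr",
            f"        elements = {{ {', '.join(peers)} }}",
            "    }",
        ]
    lines += [
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        # Replies to connections this host opened to its peers must still come back.
        f"        ip daddr {own} ct state established,related accept",
    ]
    if peers and ports:
        port_set = ", ".join(str(p) for p in ports)
        lines.append(
            f"        ip daddr {own} ip saddr @owned_private tcp dport {{ {port_set} }} accept"
        )
    # Everything else aimed at the private address is dropped (default deny).
    lines += [f"        ip daddr {own} drop", "    }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Typical use: write this to a file and load it with `nft -f <file>` on mail-1.
    print(build_ruleset("mail-1", OWNED_LINODES, PRIVATE_SERVICES))
```

Because the ruleset is derived from the inventory, deleting a Linode and regenerating drops its address from the set automatically, which is the behaviour the "dynamically assigned" option asks for; a host with no private services gets only the established/related rule and the drop.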
1 Reply
I might be a little late to the party, but these features have been released in the form of VLANs, VPCs, and now being able to apply Cloud Firewalls to NodeBalancers:
- Akamai’s VPC is Now in General Availability | Akamai
- Secure NodeBalancers with Cloud Firewall | Akamai
For a more technical overview of how to configure VPCs and VLANs, be sure to read the following documentation: