February 24th, 2010 08:00

PowerConnect 6024 isolate VLANs?

I'm hoping someone who is knowledgeable in ACLs (or some other feature) can help me out.

I've got a PC 6024 with about 8 VLANs in it, several are running L3 switching so they route between each other. I find myself in a situation where I need to have 2 new VLANs defined that are completely isolated from all the existing 8 VLANs, and have L3 switching between them and ONLY them.  Basically I need to do L3 switching between 2 ports that should be otherwise isolated completely from the rest of the switch (It's some routing on the public internet between an internal and external segment).

I've defined a couple of ports and put them each in a new Unnumbered VLAN (let's say 501 and 502). I've given each VLAN an IP address and connected up my external equipment, setting up the default gateway on the 6024 and the necessary static routes on the external equipment. However, if someone knows about these segments they can set a route to them from my other 8 VLANs, and conversely if someone knows about the existence of the other 8 VLANs, they could theoretically add a static route on the connected 501 or 502 segments and see the other VLANs.

I've added some IP based ACLs to prevent this, attaching them to the 8 VLANs to prevent destination access to the 501 and 502 segments, and doing something similar the other way (adding IP based ACLs to prevent access to the other 8 VLANs, in effect blocking destination access to RFC 1918 addresses since we use blocks internally in the 10.0.0.0, 172.16.0.0, 192.168.0.0 address segments).

Am I making this too complicated? Should I be just putting IP addresses on the ports instead of the VLAN itself? If I do will it route? Or is there a way to define like a "private" set of ports. I've dug through all the options in the switch and at this point I'm just concerned I'm missing something that would make life easier. Part of me is ready to get a separate router to accomplish this need.

Any insight is appreciated greatly!

m0b
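The post describes a two-sided ACL policy: the 8 internal VLANs deny traffic destined for the 501/502 segments, and 501/502 deny traffic destined for any RFC 1918 block. The script below is an added example, not the poster's configuration and not PowerConnect CLI; it models that policy as first-match ACLs bound to each VLAN and checks every VLAN pair against the intended isolation, so a missing or mis-ordered rule shows up as a listed violation instead of being discovered later. All addressing is constructed: the internal VLANs get 10.0.x.0/24 blocks and the isolated VLANs get documentation prefixes standing in for the public segments. The first-match-with-trailing-permit semantics are an assumption about how the switch evaluates the list.

```python
"""Model the per-VLAN ACL isolation policy from the post and verify it.

Constructed example: addressing, VLAN IDs other than 501/502, and ACL
evaluation order are assumptions, not values from the original post.
"""
import ipaddress
from typing import Dict, List, Tuple

# Eight internal VLANs (10, 20, ..., 80) on RFC 1918 space, plus the two
# isolated VLANs on TEST-NET documentation prefixes (stand-ins for public space).
INTERNAL_VLANS: Dict[int, ipaddress.IPv4Network] = {
    vid: ipaddress.ip_network(f"10.0.{vid}.0/24") for vid in range(10, 90, 10)
}
ISOLATED_VLANS: Dict[int, ipaddress.IPv4Network] = {
    501: ipaddress.ip_network("198.51.100.0/24"),
    502: ipaddress.ip_network("203.0.113.0/24"),
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# An ACL is an ordered list of (action, destination network). Assumed
# semantics: first matching rule wins, and a trailing permit-any keeps all
# other traffic flowing (no rule matched at all means implicit deny).
Rule = Tuple[str, ipaddress.IPv4Network]
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acls() -> Dict[int, List[Rule]]:
    """Build the ingress ACL for every VLAN, mirroring the post's two rule sets."""
    acls: Dict[int, List[Rule]] = {}
    # Internal VLANs: deny anything destined for the isolated segments.
    for vid in INTERNAL_VLANS:
        acls[vid] = [("deny", net) for net in ISOLATED_VLANS.values()] + [("permit", ANY)]
    # Isolated VLANs: deny every RFC 1918 destination, so the internal VLANs stay
    # unreachable even if a static route toward the 6024 is added on that side.
    for vid in ISOLATED_VLANS:
        acls[vid] = [("deny", net) for net in RFC1918] + [("permit", ANY)]
    return acls


def is_permitted(acls: Dict[int, List[Rule]], src_vlan: int, dst_ip: str) -> bool:
    """Evaluate the ingress ACL of src_vlan against a destination address."""
    dst = ipaddress.ip_address(dst_ip)
    for action, net in acls[src_vlan]:
        if dst in net:
            return action == "permit"
    return False  # implicit deny when nothing matched


def verify_isolation(acls: Dict[int, List[Rule]]) -> List[Tuple[int, int]]:
    """Return every (src_vlan, dst_vlan) pair whose reachability contradicts the
    intended policy: internal<->internal and 501<->502 allowed, cross-zone denied."""
    all_vlans = {**INTERNAL_VLANS, **ISOLATED_VLANS}
    violations: List[Tuple[int, int]] = []
    for src in all_vlans:
        for dst, dst_net in all_vlans.items():
            if src == dst:
                continue
            probe = str(dst_net[10])  # a representative host in the destination VLAN
            allowed = is_permitted(acls, src, probe)
            same_zone = (src in ISOLATED_VLANS) == (dst in ISOLATED_VLANS)
            if allowed != same_zone:
                violations.append((src, dst))
    return violations


if __name__ == "__main__":
    policy = build_acls()
    print("violations with full policy:", verify_isolation(policy))
    # Drop the RFC 1918 denies on VLAN 501 to see the checker flag the gap.
    weakened = build_acls()
    weakened[501] = [("permit", ANY)]
    print("violations after weakening VLAN 501:", verify_isolation(weakened))
```

The checker only models destination-based filtering on the ingress VLAN, which is what the post describes; it does not model source-based rules, the switch's hardware ACL limits, or routes learned on the external equipment, so a clean result means the rule set is consistent, not that the whole path has been tested.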
