Why don’t you try and do that then? You need/have entries already for the parts of Roon, so go on and restrict them. From the thread you linked:
Keep in mind that Roon also needs internet access too (don’t sever it in the process) and check the routing table too.
But as already stated, Roon Labs designed Roon (the product family) for simple (flat) home network environments as typically provided by default from ISPs and their hardware. It is not designed for complex network environments with VLANs and multiple physical or virtual network adapters. So there is (still) no official support for operating Roon in a complex network environment. You may find inspiration and community support in the Tinkering section on the forum but without the promise of a solution for your case.