Advanced Routing/Firewall Question

http://forums.opensuse.org – Here's the situation: our network here in Denver has netmask (/8). We've divided everything into fairly logical groups: 10.1.1.xx - studios, admin 10.1.5.xx - audio network 10.1.6 and up - each transmitter site (10.1.6, 10.1.7, and so on). That's a short list, but you get the idea. I want to isolate that Audio network. Here's the problem: I inherited this topology from a predecessor, and because that various sites are scattered all over Denver, we can't easily change the IP addresses now. Also, we've already got a HUGE masquerade lis (Distributions)