as you use virtual switches, using the interface names for firewalling is perhaps not a good idea, try to set all your rule with IP only.
by the way, i think your forward rule 1 is useless, and all your input rules are useless for this specific need (but don’t set input to drop without allowing your subnet!)
i’m not sure to understand evrything…is your description of the issue accurate? you want ETH1-ETH4 to see ETH0 and internet, and not each other? and currently everybody sees everybody?