The degree of isolation you can achieve depends on how much effort you are willing to put into it. More complex measures will provide superior isolation, with physical isolation of the networks being the best.
The simplest might be to use the /etc/hosts.allow and /etc/hosts.deny files to list IP addresses, subnets, domain names, etc that can access services on your machine. The configuration can be very flexible, with the options described in man hosts_access. You can share these files as needed, or make them unique for each machine. For example:
/etc/hosts.deny:
ALL: ALL
/etc/hosts.allow:
ALL: LOCAL 192.168.1.5
This does assume you have control of the dhcp server giving out IP addresses - probably your home router. You could set static IPs on each machine locally, but this leaves the chance that D or E could get one of the other group's IP address if they aren't using it at the time. You can be more creative if you run your own dhcp server, assigning individual machines to different address pools or subnets based on their unique MAC address.
Because these machines are still on a shared physical network, someone could manually set a static IP on DE that is allowed by ABC and their attempts to connect would not be denied - unless they could not authenticate for the services they are trying to connect to.
The best security for your situation is probably done at the service level. If you don't want DE to ssh into ABC, don't give DE's users the passwords or keys to ABC. If you don't want them to access shared storage on ABC, do not share the SMB passwords. If you have a test http site that you only want ABC to see, put a password in front of it. These are examples; if you want to require better authentication for a specific service, you should read the documentation for that service and open a new question as required.
This is more an administrative question than a Fedora troubleshooting question. Are you running Fedora/Linux because whatever answers you get here will probably be specific to Fedora.