That was a REALLY useful post. THANK YOU SO MUCH, I ACTUALLY UNDERSTAND THIS NOW.
I managed to isolate the VLANs like I wanted, but now (sigh) I have ANOTHER problem (you're probably going to want to slap me for this). I created a set of rules on my "HAMPTON" interface:
Allow, source HAMPTON net, destination HAMPTON net, protocol any, ipv4
Allow, source HAMPTON net, destination HAMPTON net, protocol any, ipv6
This works great, it blocks communications from anything EXCEPT that subnet, which is EXACTLY what I need... except for one thing... I need to be able to access the internet. You may remember I'm the same person who was asking whether you could put pfSense behind an existing gateway, and since asking I've done that and it works great. But the consequence is that instead of having direct access to the internet on my WAN interface, I have to go through my dad's upstream router first. So, back to the VLAN situation. Normally, if I wanted to allow the HAMPTON net to access the internet, I would create a rule like this:
Allow, source: HAMPTON net, destination: WAN net, protocol any, ipv4
But because my WAN interface just goes to my dad's network, and through a gateway from there, that only allows access to my dad's local network. So with that rule, I can ping 192.168.1.1 (his gateway) but I can't ping google.com because it's not in what pfSense sees as the "WAN net". Is there any way around this, or am I essentially stuck?
Again thank you SO MUCH for being so helpful and patient with me and my slow learning speed, I would still be stuck trying to get VLAN tagging set up at all if it wasn't for your help.
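An added example, not part of the post above, that models why the "destination: WAN net" rule behaves as described: pfSense interface rules are evaluated first-match with an implicit default block, and the "WAN net" macro expands only to the subnet on the WAN interface (here the upstream router's 192.168.1.0/24), so a public address never matches it. The subnet values, the HAMPTON VLAN range and the "private" alias are constructed assumptions; the second rule set shows the usual "block private destinations, then pass any" pattern as one alternative, not something the post itself describes.

```python
import ipaddress

# Constructed subnets: the post implies the WAN side sits on the upstream router's
# LAN (gateway 192.168.1.1); the HAMPTON VLAN range is assumed.
NETS = {
    "HAMPTON net": [ipaddress.ip_network("192.168.10.0/24")],
    "WAN net": [ipaddress.ip_network("192.168.1.0/24")],
    # Hypothetical alias covering all RFC 1918 space (pfSense has no built-in one).
    "PRIVATE_NETS": [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
}


def matches(spec, addr):
    """True if addr is covered by a named net/alias, 'any', or a CIDR string."""
    if spec == "any":
        return True
    nets = NETS.get(spec) or [ipaddress.ip_network(spec)]
    return any(addr in n for n in nets)


def evaluate(rules, src, dst):
    """First-match evaluation like a pfSense interface rule tab; default is block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s, d in rules:
        if matches(s, src) and matches(d, dst):
            return action
    return "block"  # implicit default deny


# The rules exactly as written in the post (protocol any, IPv4 only here).
POSTED_RULES = [
    ("pass", "HAMPTON net", "HAMPTON net"),
    ("pass", "HAMPTON net", "WAN net"),
]

# Assumed alternative: keep the VLAN isolated from every private network except
# its own, then let everything else (i.e. public internet) through.
ISOLATE_THEN_INTERNET = [
    ("pass", "HAMPTON net", "HAMPTON net"),
    ("block", "HAMPTON net", "PRIVATE_NETS"),
    ("pass", "HAMPTON net", "any"),
]

if __name__ == "__main__":
    host, gateway, public = "192.168.10.5", "192.168.1.1", "203.0.113.10"  # TEST-NET-3
    for name, rules in (("posted", POSTED_RULES), ("alternative", ISOLATE_THEN_INTERNET)):
        print(name, "gateway:", evaluate(rules, host, gateway),
              "public:", evaluate(rules, host, public))
```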