Because OSPF is a link state, you can't 'hide' links within a single OSPF area.
Because all of the VLANs are on the same switch, you can't even use different OSPF areas to try and segreagate things, becaue you're not even relying on OSPF to get from VLAN to VLAN- everything is directly connected.
The access list method is clunky and doesn't scale well- and you'll need to clearly understand what traffic patterns you'll allow and deny.
The easiest way to do it is start by getting a list of all your networks, broken into "DMZ" and "Internal".
On the DMZ VLANs, you'll create an inbound access list similar to:
permit tcp any gt 1023 established
deny ip log
deny ip log
permit ip any any
So what this is doing is forbidding the 'dmz' to talk to any of your LAN addresses. If the LAN initiates the conversation inbound, the established line should allow the conversation to finish.
The big problem is the need for the permit ip any any- if you add a new Internal VLAN, it'll be allowing traffic from the DMZ VLANs until you go back and update all the DMZ VLAN ACLs.
A better way to do this would be to investigate using VRF-Lite. Using VRFs lets you create wholly independent routing tables within the switch. Create a DMZ VRF and an internal VRF, and then ... it's going to really complicate the issue and make things a pain in the ass to support unless you know what your're doing, and can mentally translate the support documentation from "MPLS" to what you're really trying to accomplish.
Another option would be to get another L3 capable switch and move all the DMZ VLANs to it- then connect that into your 4500 via the firewalls. Probably my preferred solution, just for ease of understanding what the heck is going on. I don't think the 4500 has a FWSM equivalent, so I don't know of a way to get a firewall in between the vlans of the switch interally.