Ensuring internet is disabled for devices connected to second router

The details aren't in the original post, so I am making educated guess here.

It seems both router A and router B have been configured with 192.168.0.0/24 subnet. This means they live in the same Ethernet broadcast domain, and devices with any IP addresses can move between networks and have similar connectivity.

To properly enforce limits you are describing, you need to configure different subnets for the WiFi and Ethernet connections. Then you need to have a separate DHCP server for each of the networks.

In firewall rules you should leave out the NAT rule for the WiFi network.