Ensuring internet is disabled for devices connected to second router

dhcp router

The details aren't in the original post, so I am making educated guess here.

It seems both router A and router B have been configured with 192.168.0.0/24 subnet. This means they live in the same Ethernet broadcast domain, and devices with any IP addresses can move between networks and have similar connectivity.

To properly enforce limits you are describing, you need to configure different subnets for the WiFi and Ethernet connections. Then you need to have a separate DHCP server for each of the networks.

In firewall rules you should leave out the NAT rule for the WiFi network.

Related

MYSQL - is `localhost` faster than domain name (i.e. mysql.domain.com ) [closed]
does file download using PHP, causes server/CPU overload? [duplicate]
Deploy control plane without master node registration using kubeadm
Hosting two domains on a VPS while preventing an attacker from finding domain A given domain B?
How to enable access to IPv4 users?
FTP gives an error 550 but file permissions are the same
General logging won't work in MySQL
mount + copy files to mounted directory how to enable?
Apache: Use internal DNS name for logging but still have CanonicalName Off
How to turn off google's dark mode?
How to create subfolder on mailbox trough Dovecot
Excel Date Timezone Conversion [duplicate]