Firewall rules for IP isolation do not work

Hi, I did some research on this topic, followed it, and also tried every combination of the settings.
I have 192.168.1.1 for my MikroTik and 192.168.2.1 for the Linksys (DD-WRT installed), which is connected to eth5 of the MikroTik.
Don't worry about the IP configuration of the Linksys, because the MikroTik is its DHCP server.
I divided the 192.168.2.1 network into two groups: I made static addresses for the devices that connect through the LAN/Ethernet ports, and made a DHCP pool 192.168.2.100-254 for the Linksys Wi-Fi and converted it to a hotspot.

My TV and other media devices are connected to the Linksys through those LAN ports. (Please don't tell me to move this LAN to the MikroTik, because it's not possible.)

My main purpose is to isolate the devices that connect through the hotspot so they can't interact with other devices (e.g. streaming to my TV, etc.). But devices outside the hotspot DHCP pool can interact with each other, and also with the hotspot devices if possible. So, converted to IPs, it would be like this:
192.168.1.0/24 and 192.168.2.0/24 can interact with one another; 192.168.2.100-192.168.2.254 only receives an Internet connection.

What I've done in the firewall is as below:

      chain=input action=drop in-interface=ether1 

12 XI  ;;; place hotspot rules here
      chain=unused-hs-chain action=drop src-address=192.168.2.100-192.168.2.254 
      dst-address=!192.168.2.100-192.168.2.254 hotspot=from-client log=no 
      log-prefix=""

20    ;;; Hotspot Isolate
      chain=forward action=reject reject-with=icmp-network-unreachable 
      src-address=192.168.2.100-192.168.2.254 
      dst-address=!192.168.2.100-192.168.2.254 hotspot=from-client log=no 
      log-prefix=""

For rule number 20, I've also tried action=drop.

So please share your knowledge here :slight_smile:
Thanks in advance
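As an added example (not the poster's configuration and not an official MikroTik answer), this is how the stated goal is usually expressed on RouterOS: put the hotspot pool and the trusted ranges in address lists, accept only what hotspot clients need (replies and the WAN), and let one forward-chain drop cover both 192.168.1.0/24 and the static 192.168.2.x hosts. It assumes ether1 is the WAN interface (the poster's input-chain rule on ether1 suggests that) and that the hotspot pool is exactly 192.168.2.100-192.168.2.254; both are assumptions, not facts from the post.

```routeros
# Added example, not from the original post. Assumptions: ether1 = WAN,
# hotspot clients = 192.168.2.100-192.168.2.254, everything else is trusted.
/ip firewall address-list
add list=hotspot-clients address=192.168.2.100-192.168.2.254 comment="Wi-Fi hotspot DHCP pool"
add list=trusted-lans address=192.168.1.0/24 comment="MikroTik LAN"
add list=trusted-lans address=192.168.2.0-192.168.2.99 comment="Linksys static LAN hosts"

/ip firewall filter
# Replies to flows that a trusted host opened towards a hotspot client
# (and the hotspot clients' own Internet flows) must keep working, so
# established/related is accepted before any drop.
add chain=forward action=accept connection-state=established,related \
    comment="accept established/related"
# Hotspot clients may open new connections only towards the Internet.
add chain=forward action=accept src-address-list=hotspot-clients out-interface=ether1 \
    comment="hotspot -> internet"
# Anything else a hotspot client initiates (both trusted LANs, other
# hotspot clients routed via the MikroTik) is dropped. Drop rather than
# reject so isolated clients get no ICMP hint about the other networks.
# This rule must sit above any general "accept forward" rule.
add chain=forward action=drop src-address-list=hotspot-clients \
    comment="hotspot isolate: block new connections to LANs"
# Trusted hosts are not restricted: they may still reach hotspot clients.
```

The check to make before tuning rules like these: the forward chain only sees packets the MikroTik routes between its own interfaces. A hotspot Wi-Fi client and the TV on the Linksys LAN ports sit on the same switch and in the same 192.168.2.0/24 subnet, so the client can ARP for the TV's address and stream to it without a single packet arriving on ether5 of the MikroTik, and no filter rule on the router can block that path. For the rules above to take effect, the hotspot clients have to live in a different subnet from the LAN-port devices (for example a separate VLAN or SSID bridged to its own MikroTik interface, which depends on what the Linksys/DD-WRT side can do), so that the router is their only way to anything else.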