Hex S inter vlan routing configuration

Hi,
I have a Hex S RB760iGS router and an Edge Switch Ubiquiti.
I created 3 vlans, I also set up on a switch and everything works.
e.g. on port 1 of the switch I have vlan 10, and on port 5 of the switch I have vlan 20 - everything is ok here.
The problem is that when I’m connected to port 5 and I’m in vlan20, I can see devices and ping from Vlan 10, and I don’t want it to be like that.
I need to isolate the network from each other, each one has to have access to the Internet, but not to see each other.
I added rules like the one below in FW, but it doesn’t change anything:
add action = drop chain = forward in-interface = vlan10 out-interface = vlan20
add action = drop chain = forward in-interface = vlan20 out-interface = vlan10

How should I configure it?

I have the same router model in another location and this rule worked without a problem.
I also gave the rule as 2nd position.
There is a problem with the factory configuration, i.e. - FW and bridge, and where it works for me, I did the configuration from the beginning - (simple configuration).

http://forum.mikrotik.com/t/hex-s-ubiquiti-vlan-tagging-dhcp-etc/156286/1

See the setup example here…
Basically the better concept is to create a drop all rule at the end of the forward chain.
That drops all traffic and thus one need only be concerned with what traffic needs to be permitted.
Typically
a. LAN to WAN
b. Port Forwarding
c. Admin to all vlans