Add firewall rules in the forward chain that block traffic between those networks.
One easy way to do that is to build an address-list of the local networks that contains 10.0.10.0/26, 12.0.12.0/24, 20.0.20.0/24, 192.168.10.0/24:
/ip firewall address-list add list=local_networks address=10.0.10.0/26
/ip firewall address-list add list=local_networks address=12.0.12.0/24
/ip firewall address-list add list=local_networks address=20.0.20.0/24
/ip firewall address-list add list=local_networks address=192.168.10.0/24
Then add a filter rule that drops all traffic sourced from those networks going out any interface that isn’t the WAN:
/ip firewall filter add chain=forward src-address-list=local_networks out-interface=!ether1 action=drop
Another way is a forward chain that accepts established and related traffic, accepts traffic going out the WAN interface and drops everything else.
By the way, why are you masquerading the two public IP blocks?