I wouldn't do this with routing rules at all, but then again I'm a firewall guy. Routing rules would work, I suppose. Below the relevant configuration parts for two physical interfaces (inside and outside), and 4 VLAN interfaces stacked on the inside interface (Wired, Wireless, DMZ and Admin):
set 0 disabled=no name=outside
set 1 disabled=no name=inside
set 2 disabled=yes name=ether3
set 3 disabled=yes name=ether4
add disabled=no interface=inside name=Wired vlan-id=2
add disabled=no interface=inside name=Wireless vlan-id=3
add disabled=no interface=inside name=DMZ vlan-id=4
add disabled=no interface=inside name=Admin vlan-id=5
add address=126.96.36.199/26 interface=outside
add address=10.2.0.1/23 interface=Wired
add address=10.3.0.1/23 interface=Wireless
add address=10.4.0.1/24 interface=DMZ
add address=10.5.0.1/24 interface=Admin
By default all those networks could pass traffic to one another.
And the firewall section to prevent that. Only the relevant parts of forward chain are shown:
add action=accept chain=forward comment="forward established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="forward related traffic" connection-state=related disabled=no
add action=accept chain=forward comment="forward traffic from local interfaces to WAN" disabled=no out-interface=outside
add action=accept chain=forward comment="allow Wired to initiate traffic to DMZ, reverse is not true" in-interface=Wired out-interface=DMZ
add action=accept chain=forward comment="allow bi-directional traffic initiation between Wired and Admin, Part I" in-interface=Wired out-interface=Admin
add action=accept chain=forward comment="allow bi-directional traffic initiation between Wired and Admin, Part II" in-interface=Admin out-interface=Wired
add action=drop chain=forward comment="drop everything else" disabled=no
Every network can now pass traffic to 'outside', 'Wired' can initiate connections to 'DMZ' (and since related/established is allowed, DMZ can pass back traffic for those connections. 'Wired' and 'Admin' can initiate connections bi-directionally.
Hope that helps.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.