AP isolation route to router

I'm running pfSense as router and OpenWrt configured as a dumb AP. I have all devices connecting to the AP in the same VLAN but in different IP segments. The topology is like this:

  • All-in-one-VLAN: 192.69.0.0/16 with PCs assigned to 192.69.20.0/24 and Phones assigned to 192.69.30.0/24, all via MAC address allow-lists in the DHCP server inside pfSense

I want the devices in the PC IP segment to communicate with each other but not with devices in the Phones segment (trying to emulate a VLAN here; there are several reasons behind it, mainly having a poor switch that can't tag VLANs based on MAC address).

I have 1 PC and 1 Laptop inside the PC IP segment and 1 iPhone inside the Phones IP segment. I want the PC and Laptop to be able to ping each other but not be able to ping the iPhone. When I turned AP isolation on, I could not ping from my PC to my Laptop.

I have read in the docs that by turning on AP isolation, the packets from my PC will be forwarded to the br-interface for it to decide. How can I be sure that the br-interface will forward that packet to pfSense and let it route to my Laptop, or will the br-interface just drop the packet and not forward it? Is there any way that I can configure OpenWrt to behave the way I want?

Thanks for any of your help!

Not sure how to do that, maybe with firewall rules, but what you at least have to change is the IP ranges. 192.69.30.0/24 and 192.69.20.0/24 are both routable, i.e. they are non-private ranges.
Try 192.168.x.x or 10.x.x.x
https://en.wikipedia.org/wiki/Private_network

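An added example (not code from the thread or from OpenWrt) that checks an addressing plan like the one above: it flags prefixes outside RFC 1918 space, segments that fall outside the VLAN prefix, and overlapping segments, and it also tests whether two hosts would treat each other as on-link. The second check matters for the original question: if the clients receive the /16 mask (an assumption, since the thread does not state the DHCP mask), the PC and Laptop talk to each other directly at layer 2 rather than through pfSense, so with AP isolation enabled there is no router hop that could restore that path. The addresses are the ones from the thread; the 10.0.0.0/16 plan is a constructed alternative.

```python
import ipaddress

# Addressing plan as described in the thread.
VLAN_PREFIX = "192.69.0.0/16"
SEGMENTS = {
    "pc": "192.69.20.0/24",
    "phones": "192.69.30.0/24",
}


def check_plan(vlan_prefix, segments):
    """Return a list of problems found in an addressing plan (empty list = OK).

    Checks: every prefix is private (RFC 1918 / RFC 4193), every segment lies
    inside the VLAN prefix, and no two segments overlap.
    """
    problems = []
    vlan = ipaddress.ip_network(vlan_prefix, strict=True)
    if not vlan.is_private:
        problems.append(f"{vlan} is globally routable; use private address space")

    nets = {}
    for name, cidr in segments.items():
        net = ipaddress.ip_network(cidr, strict=True)
        nets[name] = net
        if not net.is_private:
            problems.append(f"{name} segment {net} is globally routable")
        if not net.subnet_of(vlan):
            problems.append(f"{name} segment {net} is not inside {vlan}")

    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"segments {a} and {b} overlap")
    return problems


def same_link(addr_a, addr_b, prefixlen):
    """True when two hosts configured with this prefix length consider each
    other on-link, i.e. they ARP for each other instead of using the router."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{prefixlen}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{prefixlen}").network
    return net_a == net_b


if __name__ == "__main__":
    for p in check_plan(VLAN_PREFIX, SEGMENTS) or ["plan OK"]:
        print(p)
    # With a /16 mask PC and Laptop are on-link: AP isolation alone blocks them.
    print("PC <-> Laptop on-link with /16:", same_link("192.69.20.10", "192.69.20.11", 16))
    # With a /24 mask the PC and Phones segments are separate links.
    print("PC <-> iPhone on-link with /24:", same_link("192.69.20.10", "192.69.30.5", 24))
```

Running it against the thread's plan reports the public 192.69.0.0/16 prefix and both segments as globally routable, while a 10.0.0.0/16 plan with the same /24 split passes cleanly.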

If you add the following config, forwarding between different subnets in the same firewall zone should be rejected.
file: /etc/config/firewall

config zone
	option forward 'REJECT'

I guess this is the closest it gets to what you want. I'm not sure if the "Isolate Clients" option does the same. If this config doesn't work, my guess would be to make firewall rules. But it isn't a very nice solution.