Basic concept is VLAN A can only communicate to your VLAN B through routes you configure. But, anything on VLAN B can reach anything on VLAN A. So your phone could see all your IoT devices but your IoT devices couldn’t see your phone, unless you want them to.
My setup has changed since, but to help illustrate, I used to have an MQTT server on VLAN B, so I had set up a rule that VLAN A could reach the MQTT server on VLAN B through the MQTT port, but blocked everything else.
It’s possible you don’t need to do that and only need to allow VLAN B to reach VLAN A.
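An nftables ruleset on a Linux router that implements the policy described in the reply above, added here as an example and not taken from the original post: the interface names vlanA (IoT) and vlanB (trusted), the broker address 192.0.2.10 and the MQTT port 1883 are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post. Assumed layout:
#   vlanB = trusted devices (phones), vlanA = IoT devices,
#   MQTT broker at 192.0.2.10 on vlanB listening on TCP/1883.
# Only traffic forwarded between the two VLANs is covered here;
# rules for other paths (e.g. to the WAN) must be added separately.

table inet intervlan {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for connections that were already allowed
        # (this is what lets VLAN B open connections into VLAN A
        # without VLAN A being able to open connections back)
        ct state established,related accept
        ct state invalid drop

        # Trusted VLAN B may reach anything on the IoT VLAN A
        iifname "vlanB" oifname "vlanA" accept

        # IoT VLAN A may only open connections to the MQTT broker port
        iifname "vlanA" oifname "vlanB" ip daddr 192.0.2.10 tcp dport 1883 ct state new accept

        # Anything else from IoT into the trusted VLAN is logged, then dropped
        iifname "vlanA" oifname "vlanB" log prefix "iot-to-trusted-drop: " drop
    }
}
```

The log line on the final rule gives you a kernel-log record of every IoT device that tries to reach the trusted VLAN outside the MQTT exception, which is useful for spotting misbehaving devices.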