I’ve successfully blocked access from blue network to green - maybe this is the default anyway. Nevertheless, I can access the blue network from green.
At least I can ping blue IP-addresses from a command line running on a client in green network.
So how can I block this access, too? I already have those rules in place: