you DON’T have to shoot any firewall rule. What you only have to do is:
Take your PC/IP from this section in network, DHCP server
current dynamic assignments
you can give an other unique IP. You must not take the one from DHCP
Then go to this section in firewall ,access to blue and take your IP/PC again
current DHCP assignments on blue
thats it.
BTW you have access to green from special IPs
AND internet if you set the DNS for blue in DHCP server.
if you had looked in your fw log, you had seen,that it is a forwarding problem on port 53 I think.