Hello Ron,
I would suggest you to use only one ACL.
first the permitted communication between local subnets
access-list 105 permit tcp 10.1.5.0 0.0.0.255 eq telnet 10.1.2.0 0.0.0.255
! note the position of the TCP port you want to have telnet access to devices in 10.1.5.0/24 from 10.1.2.0/24
! then you deny all other internal communication
access-list 105 deny ip 10.1.5.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 105 deny ip 10.1.5.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 105 deny ip 10.1.5.0 0.0.0.255 10.1.4.0 0.0.0.255
! then you permit internet access
access-list 105 permit ip 10.1.5.0 0.0.0.255 any
! in this way you have also anti-spoofing you don't allow a source non in 10.1.5.0/24 to go out
I would apply this ACL inbound on SVI Vlan with ip address 10.1.5.1/24
let's suppose it is vlan 10:
int vlan 10
ip access-group 105 in
Hope to help
Giuseppe