Hi @isaiahhavoc,
Try this ACL:
access-list 100 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.5 (Policy 1)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq 443 (Policy 2)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq 20 (Policy 3)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq 21 (Policy 3)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq 80 (Policy 4)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq 443 (Policy 4)
About policy 1, the block is applied to the packets when they return to host 192.168.1.5.
About policy 4, I commented that host 192.168.1.5 is not included because it is inside the same network as the destination, so the packets will arrive, since it cannot be filtered within this same broadcast domain.
The ACL is made to be applied on the internal interface of the BranchOffice router, in the inbound (in) direction.
ip access-group 100 in
Regards
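
To sanity-check an ACL like this before applying it, its first-match and implicit-deny behaviour can be modelled offline. This is an added example, not part of the original reply; it assumes `ip` for the host-only entry and `tcp` for the port entries, and the sample packets are constructed.

```python
import ipaddress

# ACL 100 from the reply, transcribed as tuples.
# Assumption: "ip" for the host-only entry, "tcp" for the port entries.
# (protocol, source network, source wildcard, destination host, dest port or None)
ACL_100 = [
    ("ip",  "192.168.2.0", "0.0.0.255", "192.168.1.5", None),
    ("tcp", "192.168.2.0", "0.0.0.255", "192.168.1.2", 443),
    ("tcp", "192.168.2.0", "0.0.0.255", "192.168.1.3", 20),
    ("tcp", "192.168.2.0", "0.0.0.255", "192.168.1.3", 21),
    ("tcp", "192.168.2.0", "0.0.0.255", "192.168.1.4", 80),
    ("tcp", "192.168.2.0", "0.0.0.255", "192.168.1.4", 443),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, 1-based index of the matching entry); first match wins."""
    for i, (p, net, wc, host, port) in enumerate(acl, start=1):
        if p != "ip" and p != proto:
            continue  # "ip" matches every IP protocol
        if not wildcard_match(src, net, wc) or dst != host:
            continue
        if port is not None and port != dport:
            continue
        return "permit", i
    return "deny", None  # implicit "deny ip any any" closing every ACL

# Constructed sample packets arriving inbound on the internal interface.
SAMPLES = [
    ("tcp",  "192.168.2.10", "192.168.1.2", 443),
    ("tcp",  "192.168.2.10", "192.168.1.2", 80),
    ("icmp", "192.168.2.77", "192.168.1.5", None),
    ("udp",  "192.168.2.10", "192.168.1.4", 443),
    ("tcp",  "192.168.3.10", "192.168.1.4", 80),
]

if __name__ == "__main__":
    for proto, src, dst, dport in SAMPLES:
        print(proto, src, "->", dst, dport, evaluate(ACL_100, proto, src, dst, dport))
```

Anything that matches no entry, such as DNS or traffic to hosts outside this list, falls through to the implicit deny, so traffic that must keep working needs its own permit line.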