There was an abuse report for an ip address from one of our subnets whose hosts we don't administer, and so it had to be cut off in the Foundry router. This router is a Fastiron 4802 with software version 07.6.04jT51. The ip addresses have been changed to private networks for documenting purposes.
This was the acl for the subnet originally:
permit ip 10.123.123.128 0.0.0.31 any permit ip 126.96.36.199 0.0.0.31 any
and it was applied inbound to the interface on the subnet, so that only source ip addresses from the subnet would match. Then the implicit deny blocks everything else. Because the foundry acl commands on our router don't have line numbers for inserting a rule I removed the acl from the interface, deleted it with no ip access-list extended thenameoftheacl, and recreated it with a new rule:
deny ip host 10.123.123.141 any permit ip 10.123.123.128 0.0.0.31 any permit ip 192.168.231.0 0.0.0.31 any
Then I applied it inbound on the interface again. Now, that one ip address would match the rule for it to be denied before it would be permitted by the next rule for its subnet.