Subject: inetd and restrictions based on IP
To: None <tech-misc@NetBSD.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-misc
Date: 02/10/2007 09:46:35
The following is from FreeBSD's inetd(8) man page:

-C rate
        Specify the default maximum number of times a service can be
        invoked from a single IP address in one minute; the default is
        unlimited.  May be overridden on a per-service basis with the
        "max-connections-per-ip-per-minute" parameter.

-s maximum
        Specify the default maximum number of simultaneous invocations of
        each service from a single IP address; the default is unlimited.
        May be overridden on a per-service basis with the
        "max-child-per-ip" parameter.

Any objections to this being implemented/copied over to NetBSD? (I want to 
ask before I work on it more. I can provide a patch here. Is this an okay 
list for discussing this?)

I recall a PR about this, but can't find it now.

There are a few other ideas there too for setting max invocations in a 
minute from command line and max simultaneous of a service from command 
line.

This morning my inetd-managed mail retrieval was dead because of "max 
spawn rate ... exceeded" because it was getting continually attacked. (I 
stopped that with a -blackhole route.) Or if you have an easier or better 
suggestion on keeping my inetd-based service available to me, please let 
me know.

  Jeremy C. Reed
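An added illustration, not code from inetd or from the poster: a small Python model of a global per-minute spawn limit (the check that locked the poster out) beside the two per-IP limits quoted above, showing why the per-IP form keeps the service reachable for a legitimate address during a flood. The addresses and timestamps are constructed, and the model simply refuses connections while a window is full rather than disabling the service as the real daemon does.

```python
from collections import defaultdict, deque

class ServiceLimiter:
    """Toy model of inetd invocation limits (added example, not inetd source).

    global_rate     - invocations per minute for the whole service (global spawn-rate check)
    per_ip_rate     - -C / max-connections-per-ip-per-minute
    per_ip_children - -s / max-child-per-ip (simultaneous children per address)
    A limit of None means unlimited, as in the man page text.
    """

    def __init__(self, global_rate=None, per_ip_rate=None, per_ip_children=None):
        self.global_rate = global_rate
        self.per_ip_rate = per_ip_rate
        self.per_ip_children = per_ip_children
        self.global_times = deque()            # spawn timestamps, all addresses
        self.ip_times = defaultdict(deque)     # spawn timestamps per address
        self.children = defaultdict(int)       # live children per address

    @staticmethod
    def _prune(times, now):
        # Drop timestamps older than the one-minute window.
        while times and now - times[0] >= 60:
            times.popleft()

    def connect(self, ip, now):
        """Return True if the service would be spawned for this connection."""
        self._prune(self.global_times, now)
        self._prune(self.ip_times[ip], now)
        if self.global_rate is not None and len(self.global_times) >= self.global_rate:
            return False
        if self.per_ip_rate is not None and len(self.ip_times[ip]) >= self.per_ip_rate:
            return False
        if self.per_ip_children is not None and self.children[ip] >= self.per_ip_children:
            return False
        self.global_times.append(now)
        self.ip_times[ip].append(now)
        self.children[ip] += 1
        return True

    def child_exit(self, ip):
        """A spawned child for this address has finished."""
        self.children[ip] = max(0, self.children[ip] - 1)

def simulate(limiter):
    """Constructed scenario: one address floods 60 connections in a minute,
    then the owner's address tries once. Returns whether the owner got in."""
    for second in range(60):
        limiter.connect("203.0.113.9", second)      # constructed attacker address
    return limiter.connect("198.51.100.2", 59)      # constructed legitimate address
```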