s6
Software
skarnet.org

The s6-connlimit program

s6-connlimit is a small utility to perform IP-based control on the number of client connections to a TCP socket, and uid-based control on the number of client connections to a Unix domain socket.

Interface

     s6-connlimit prog...

Usage

The s6-tcpserver program defines the PROTO environment variable to "TCP", and spawns every child server with the TCPCONNNUM environment variable set to the number of connections from the same IP address. The s6-tcpserver-access program can set environment variables depending on the client's IP address. If the s6-tcpserver-access database is configured to set the TCPCONNMAX environment variable for a given set of IP addresses, and s6-tcpserver-access execs into s6-connlimit, then s6-connlimit will drop connections if there already are ${TCPCONNMAX} connections from the same client IP address.

The s6-ipcserver and s6-ipcserver-access programs can be used the same way, with "IPC" instead of "TCP", to limit the number of client connections by UID.

Example

The following command line:

     s6-tcpserver -v2 -c1000 -C40 1.2.3.4 80 \
     s6-tcpserver-access -v2 -RHl0 -i dir \
     s6-connlimit \
     prog...

will run a server listening on IPv4 address 1.2.3.4, port 80, serving up to 1000 concurrent connections in total, and up to 40 concurrent connections from any single IP address, whatever that address is. For every client connection, it will look up the database set up in dir; if the connection is accepted, it will run prog....

If the dir/ip4/5.6.7.8_32/env/TCPCONNMAX file exists and contains the string 30, then at most 30 concurrent connections from 5.6.7.8 will execute prog..., instead of the default of 40.
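The following script is an added illustration, not code from s6: it creates the database entry from the example above and mirrors the decision s6-connlimit makes from the PROTO, ${PROTO}CONNNUM and ${PROTO}CONNMAX variables, so the effect of the entry can be checked without a running server. It assumes that ${PROTO}CONNNUM counts the connection being decided and that an unset ${PROTO}CONNMAX means no per-client limit beyond the server's own -C value.

```shell
#!/bin/sh
# Added example, not part of s6 itself. Builds the s6-tcpserver-access
# database entry from the page's example and mirrors the s6-connlimit
# decision so it can be checked without a running server.
# Assumptions: ${PROTO}CONNNUM counts the connection being decided, and an
# unset ${PROTO}CONNMAX means "no per-client limit beyond the server's -C".

# Create <dir>/ip4/<addr>_<prefixlen>/env/TCPCONNMAX containing <max>,
# the layout s6-tcpserver-access reads for a client address range.
make_connmax_entry() {
  dir=$1 addr=$2 prefix=$3 max=$4
  mkdir -p "$dir/ip4/${addr}_${prefix}/env" || return 1
  printf '%s' "$max" > "$dir/ip4/${addr}_${prefix}/env/TCPCONNMAX"
}

# Mirror of the s6-connlimit check. Arguments: PROTO ("TCP" or "IPC"),
# the value of ${PROTO}CONNNUM and the value of ${PROTO}CONNMAX (empty
# when the access database set none). Prints "accept" or "drop";
# returns 1 on drop, 2 on a malformed count.
connlimit_decide() {
  proto=$1 num=$2 max=$3
  case "$num" in
    ''|*[!0-9]*) echo "error: ${proto}CONNNUM is not a number"; return 2 ;;
  esac
  if [ -z "$max" ]; then echo accept; return 0; fi
  case "$max" in
    *[!0-9]*) echo "error: ${proto}CONNMAX is not a number"; return 2 ;;
  esac
  # The current connection is already counted, so being above the limit
  # means there were already ${PROTO}CONNMAX connections from this client.
  if [ "$num" -gt "$max" ]; then echo drop; return 1; fi
  echo accept
}

# Demonstration with a constructed database in a temporary directory.
db=$(mktemp -d)
make_connmax_entry "$db" 5.6.7.8 32 30
max=$(cat "$db/ip4/5.6.7.8_32/env/TCPCONNMAX")
for n in 29 30 31; do
  printf 'TCPCONNNUM=%s TCPCONNMAX=%s -> %s\n' "$n" "$max" \
    "$(connlimit_decide TCP "$n" "$max")"
done
# A client outside the 5.6.7.8/32 entry gets no TCPCONNMAX, so only the
# server-wide -C40 limit applies and the connection passes through.
printf 'TCPCONNNUM=40 TCPCONNMAX= -> %s\n' "$(connlimit_decide TCP 40 "")"
rm -rf "$db"
```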

Notes