Unable to stop RabbitMQ from listening on port 25672 on all interfaces

linux-networking, rabbitmq

I'm currently working on an application using Celery in combination with RabbitMQ. Due to security concerns, services that don't require any connection with the internet should only listen on localhost.

After looking around I found this question which shows how I can make most ports listen only on localhost, however for some reason port 25672 remains open, which I determined to be part of rabbitmq:

$ nmap -sV -p25672 -T5 <my server>

Starting Nmap 7.50 ( https://nmap.org ) at 2018-08-04 23:54 CEST
Nmap scan report for <my server> (<my server>)
Host is up (0.011s latency).

PORT      STATE  SERVICE VERSION
25672/tcp open   unknown

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 124.87 seconds

On the server:

$ lsof -i :25672
COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
beam.smp 4513 rabbitmq   12u  IPv4 473675236      0t0  TCP *:25672 (LISTEN)

The man entry for rabbitmq does not state how to change this, nor can I find out how to do so online. Could anyone point me in the right direction on how to make it listen on 127.0.0.1 rather than 0.0.0.0?


Edit: Fuck it, iptables will do.

iptables -A INPUT -p tcp -s localhost --dport 25672 -j ACCEPT
iptables -A INPUT -p tcp --dport 25672 -j DROP

Best Answer

I found it in the documentation in five seconds after searching for rabbitmq port...

listeners.tcp.1 = 127.0.0.1:5672
listeners.tcp.2 = ::1:5672

Or in the classic config format:

[
  {rabbit, [
    {tcp_listeners, [{"127.0.0.1", 5672},
                     {"::1",       5672}]}
  ]}
].

(Warning: You probably need both, as localhost resolves to ::1 on all OSes released in the last decade or so, and binding only to 127.0.0.1 could cause some apps to have problems.)
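To confirm which sockets are still reachable from other hosts after a configuration change, the `lsof` check from the question can be turned into a filter that reports every TCP listener not bound to loopback. This is an added example, not part of the original question or answer; the function names `nonlocal_listeners` and `sample_lsof` are hypothetical, and every sample line except the `*:25672` one from the question is constructed.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not bound to a loopback address.
# Expects the output of `lsof -nP -iTCP -sTCP:LISTEN` on stdin.
nonlocal_listeners() {
  awk '
    NR == 1 && $1 == "COMMAND" { next }     # skip the lsof header row
    $NF != "(LISTEN)"          { next }     # keep listening sockets only
    {
      name = $(NF - 1)                      # e.g. *:25672, 127.0.0.1:5672, [::1]:5672
      port = name
      sub(/^.*:/, "", port)                 # text after the last colon is the port
      addr = substr(name, 1, length(name) - length(port) - 1)
      sub(/^\[/, "", addr)                  # strip IPv6 brackets
      sub(/\]$/, "", addr)
      if (addr ~ /^127\./ || addr == "::1") next   # loopback: not exposed
      printf "%s pid=%s %s:%s\n", $1, $2, addr, port
    }'
}

# Sample input. The first data row is the one shown in the question;
# the remaining rows are constructed for illustration.
sample_lsof() {
  cat <<'EOF'
COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
beam.smp 4513 rabbitmq   12u  IPv4 473675236      0t0  TCP *:25672 (LISTEN)
beam.smp 4513 rabbitmq   55u  IPv4 473675301      0t0  TCP 127.0.0.1:5672 (LISTEN)
beam.smp 4513 rabbitmq   56u  IPv6 473675302      0t0  TCP [::1]:5672 (LISTEN)
epmd     4401 rabbitmq    3u  IPv4 473670010      0t0  TCP *:4369 (LISTEN)
EOF
}

# On a live host, replace sample_lsof with:
#   lsof -nP -iTCP -sTCP:LISTEN | nonlocal_listeners
sample_lsof | nonlocal_listeners
```

An empty result means every listener is bound to loopback; any line printed is a socket that still depends on firewall rules, such as the iptables pair in the question, for protection.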