I'm currently working on an application using celery in combination with rabbitmq. Due to security concerns, any service that doesn't require a connection with the internet should only listen on localhost.
After looking around I found this question, which shows how I can make most ports listen only on localhost. However, for some reason port 25672 remains open, which I determined to be part of rabbitmq:
$ nmap -sV -p25672 -T5 <my server>
Starting Nmap 7.50 ( https://nmap.org ) at 2018-08-04 23:54 CEST
Nmap scan report for <my server> (<my server>)
Host is up (0.011s latency).
PORT      STATE SERVICE VERSION
25672/tcp open  unknown
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 124.87 seconds
On the server:
$ lsof -i :25672
COMMAND  PID     USER FD  TYPE    DEVICE SIZE/OFF NODE NAME
beam.smp 4513 rabbitmq 12u IPv4 473675236      0t0  TCP *:25672 (LISTEN)
The man entry for rabbitmq does not state how to change this, nor can I find out how to do so online. Could anyone point me in the right direction on how to make it listen on 127.0.0.1 rather than 0.0.0.0?
Edit: Fuck it, iptables will do.
# allow connections to 25672 that originate from localhost
iptables -A INPUT -p tcp -s localhost --dport 25672 -j ACCEPT
# drop everything else destined for 25672
iptables -A INPUT -p tcp --dport 25672 -j DROP
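The post checks a single port by hand with nmap and lsof. As an added example (not part of the original question), the script below does the same check for every listening TCP socket at once: it reads output in the shape of `ss -ltnH` and reports each listener whose local address is not loopback (anything other than 127.0.0.0/8 or [::1]), so a wildcard bind such as the `*:25672` seen in the lsof output is caught regardless of which service owns it. The sample socket table embedded in the script is constructed for illustration and is not captured from the asker's host; the function names are my own.

```shell
#!/bin/sh
# Audit listening TCP sockets for anything not bound to a loopback address.
# Input: lines in the shape of `ss -ltnH` output
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Print "addr:port" for every LISTEN socket not bound to loopback.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        local = $4
        # The port is everything after the last ":"; the address is the rest
        # (IPv6 addresses contain ":" themselves, e.g. "[::]:22").
        n = split(local, parts, ":")
        port = parts[n]
        addr = substr(local, 1, length(local) - length(port) - 1)
        # Loopback binds are fine: 127.0.0.0/8 or ::1 (ss prints it as [::1]).
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr ":" port
    }'
}

# Exit 0 if the given port is only reachable via loopback, 1 if it is exposed.
# Reads the same socket table on stdin.
port_is_local_only() {
    exposed_listeners | awk -v p="$1" -F: '
        $NF == p { found = 1 }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample (hypothetical host): 25672, 4369 and 22 are bound to
# all interfaces, 5672 and 15672 only to loopback.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5672 0.0.0.0:*
LISTEN 0 128 *:4369 *:*
LISTEN 0 128 [::1]:15672 [::]:*
LISTEN 0 128 [::]:22 [::]:*'

# Usage: ./audit.sh          -> audit the embedded sample
#        ./audit.sh --live   -> audit this host's real socket table
main() {
    if [ "$1" = "--live" ]; then
        ss -ltnH | exposed_listeners
    else
        printf '%s\n' "$SAMPLE_SS" | exposed_listeners
    fi
}

main "$@"
```

On the sample above the script reports `0.0.0.0:25672`, `*:4369` and `[::]:22`. Note that it inspects the bind address, not reachability: after the iptables rules from the edit are in place the socket is still bound to `0.0.0.0` and will still be listed, which is the honest answer to "is this service listening on all interfaces". Whether the firewall actually blocks it is a separate check, for which the nmap scan from an external host remains the right tool.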