I am trying to configure Kafka JMX only on localhost . By default, when I start Kafka, it provides three ports, and two of them are automatically bound to 0.0.0.0 , which means that they are accessible to everyone.
I managed to bind the broker itself to 127.0.0.1 (because I only need it locally), but the JMX ports really give me headaches.
I have to follow specific env vars:
export JMX_PORT=${JMX_PORT:-9999} export KAFKA_JMX_OPTS="-Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT -Dcom.sun.management.jmxremote.port=$JMX_PORT -Dcom.sun.management.jmxremote=true -Djava.rmi.server.hostname=127.0.0.1 -Djava.net.preferIPv4Stack=true"
If you now look at the associated ports / ips, I see the following:
$ netstat -tulpn | grep 9864 tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 9864/java tcp 0 0 0.0.0.0:44895 0.0.0.0:* LISTEN 9864/java tcp 0 0 127.0.0.1:9092 0.0.0.0:* LISTEN 9864/java
means that JMX is listening on 0.0.0.0 , and there is another open port 44895 , which I do not know its purpose.
I would like Kafka ports to open only at 127.0.0.1 . Can someone tell me? Thanks in advance!
EDIT:
I was partially successful by adding -Dcom.sun.management.jmxremote.host=localhost , but there is another open port open on 0.0.0.0 :
$ netstat -tulpn | grep 12789 tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 12789/java tcp 0 0 0.0.0.0:43513 0.0.0.0:* LISTEN 12789/java tcp 0 0 127.0.0.1:9092 0.0.0.0:* LISTEN 12789/java
source share