java jmx 配置,如何配置JMX只绑定到本地主机?

I run Tomcat8 using JDK8 on Centos6.

I enable JMX using the following options:

CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=true"

Unfortunately, when I check what ports are opened I discover that these ports listen to all IP:

netstat -plunt | grep java

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 :::60555 :::* LISTEN 22752/java

tcp 0 0 ::ffff:127.0.0.1:8080 :::* LISTEN 22752/java

tcp 0 0 :::9123 :::* LISTEN 22752/java

tcp 0 0 :::40867 :::* LISTEN 22752/java

I suppose that if I configure -Dcom.sun.management.jmxremote.local.only=true all ports should be bind to localhost only (::ffff:127.0.0.1 will appear before all ports).

How to configure JMX to bind to localhost only?

Added

I do not create JMX I use Tomcat JMX: https://tomcat.apache.org/tomcat-8.0-doc/monitoring.html.

解决方案

As far as I understand this answer and read Oracle's docs about it, there seems to be no way to configure it without coding. This says in the chapter "Connector server attributes":

When using the default JRMP transport, RMI socket factories can be

specified using the attributes jmx.remote.rmi.client.socket.factory

and jmx.remote.rmi.server.socket.factory in the environment given to

the RMIConnectorServer constructor. The values of these attributes

must be of type RMIClientSocketFactory and RMIServerSocketFactory,

respectively. These factories are used when creating the RMI objects

associated with the connector.

The only option I see is to implement a custom factory like here and pass the classname to the property along with the JAR/class in classpath.

Correct me if I am wrong.