I read in the document that by default elasticsearch 5.0 only binds & publishes to localhost which is a good security posture; however using Debian, I have found that is not the case.
If I leave network.host blank, it binds & publishes to every IP on the machine.
I have three devices (eth0, loopback & tun0). I want to bind & publish to the tun0 and lo, but not the eth0 interface. I have found no way to do that. I can get it to bind to every interface/IP address or only bind to one specific IP or interface but not two and exclude the third.
I have a simple solution "IPTables"; however it seems from your documentation that it's been compiled to only use the localhost by default and that's not the case.
Bruce