I think your best bet is to bind locally via splunk-launch.conf then use iptables (DNAT) or xinetd (redirect) to forward inbound requests to the ports you wish to expose.
That's more of a security first answer than the alternative of locking down the other ports Splunk listens to at 0.0.0.0.
Ask your SE to submit a feature enhancement request for binding address on a per listener basis if that's important to your specific use case.
... View more