I don't think you can limit the ports vnetd listen to. But you can use iptables to filter/firewal off the internet.
From the man :
IPTABLES(8) IPTABLES(8)
NAME
iptables - administration tool for IPv4 packet filtering and NAT
SYNOPSIS
iptables [-t table] -[AD] chain rule-specification [options]
iptables [-t table] -I chain [rulenum] rule-specification [options]
iptables [-t table] -R chain rulenum rule-specification [options]
iptables [-t table] -D chain rulenum [options]
iptables [-t table] -[LFZ] [chain] [options]
iptables [-t table] -N chain
iptables [-t table] -X [chain]
iptables [-t table] -P chain target [options]
iptables [-t table] -E old-chain-name new-chain-name
DESCRIPTION
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux ker
nel. Several different tables may be defined. Each table contains a number of built-in chains and may
also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a
packet that matches. This is called a `target', which may be a jump to a user-defined chain in the same
table.