First of all, PostgreSQL behind AOLserver does not have to have TCP/IP enabled. The driver code contains the doc on how to do it -- you use a different datasource, using localhost instead of the actual host name. But, then again, the TCP/IP method is in a way more secure, as it can be another machine.
And, you don't have to firewall 5432 (you don't _have_ to run postmaster on 5432, either) -- you just configure pg_hba.conf properly, and you're in business.
Although, technically, if your firewall is configured properly, you shouldn't have to firewall off any port -- you do use default deny, right?
