Willy-Bas Loos <willybas(at)gmail(dot)com> writes:
> I'm wondering if i should open up the ports to my two clusters 5432
> and 5433 from "Anywhere"?
No, not unless you'd like to take the risk of anyone on the internet
poking into your databases.
> I feel that it's a stupid question, since there is pg_hba, which
> already does this work.
Well, even if you trust pg_hba.conf to block unwanted connections,
someone could still mount a DOS attack by flooding your postmaster
with connection requests. It takes a significant number of cycles
to reject a request on the basis of pg_hba.conf.
regards, tom lane