+ $iptables = System::which('iptables', '/sbin/iptables');
+
+ if (!$iptables || !file_exists($iptables)) {
+ $this->jerr("iptables could not be found.");
+ }
+ }
+ // this should have been set up already..
+ // in the base firewall code.
+
+
+ $rows = $this->readChain('INPUT');
+ $gotpg = false;
+ foreach($rows as $r) {
+ if ($r['target'] == 'postgres') {
+ $gotpg = true;
+ }
+ }
+ if (!$gotpg) {
+ $this->exec("{$iptables} -A INPUT -p udp -m udp --dport 5432 -j postgres");
+ $this->exec("{$iptables} -A INPUT -p tcp -m udp --dport 5432 -j postgres");
+ }
+
+
+ $rows = $this->readChain('postgres');
+ if ($rows === false) {
+ $this->createBase();
+ $rows = array();
+ }
+
+ $lastrulenum = 1;
+
+ $remove = array();
+ $cur = array();
+
+ foreach($rows as $row) {
+
+ // print_r($row);
+ //var_dump($row['target']);
+ if ($row['target'] != 'ACCEPT') {
+ continue;
+ }
+
+