DISABLE_FIREWALL officially supported?

I had to use DISABLE_FIREWALL=1 on my OpenVZ installation.

Since the machine still has a public ip exposed to the internet, I wonder if I’m fine. Specifically, if the box is purposefully designed in such a way that only the necessary services bind to the public interface.

I did a port scan, which gives me this, which appears to be fine:

22/tcp    open     ssh
25/tcp    open     smtp
53/tcp    open     domain
80/tcp    open     http
443/tcp   open     https
587/tcp   open     submission
993/tcp   open     imaps
4190/tcp  open     sieve

But I am concerned that future updates might not be. Is DISABLE_FIREWALL officially supported in that sense?

Yes, it is something that I plan to keep support for. Thanks for checking!