networks – Allow VRRP in firewall

When implementing a redundant high availability solution, we use keepalived with VRRP traffic and a virtual IP. So far I have enabled VRRP traffic with the following command (in operation)

sudo firewall-cmd --zone = dmz --add-rich-rule = & # 39; rule protocol value = "vrrp" accept & # 39; -Permanent

However, the client asks what port vrrp uses to enable traffic. From what I have understood, the vrrp is using icmp messages to notify keepalived alive.

Is it a satisfactory condition if I ask that icmp traffic be allowed to keep vrrp / keepalived running?