chrony port 323 automatically open with firewalld?

0 votes
0 answers
1140 views
Documentation states chrony uses port 323udp by default, versus port 123udp that old NTP used. But where is port 323 defined? I do not see it in the default /etc/chrony.conf as it comes in a clean install of either RHEL-7.9 or RHEL 8.9.

Also, in either /etc/firewalld/zones/public.xml, which is the default firewall from a clean install, or even in my custom firewall xml file, I do not open either port 123 or port 323, and chrony seems to work: my time is correct, the service is successfully running, and chronyc tracking reports

    Reference ID    : 1234ABCD (correctserver.com)
    Stratum         : 4
    Ref time (UTC)  : Tue Jan 02 20:35:42 2024
    System time     : 0.000383474 seconds fast of NTP time
    Last offset     : +0.000296875 seconds
    RMS offset      : 0.000736834 seconds
    Frequency       : 11.411 ppm fast
    Residual freq   : +0.003 ppm
    Skew            : 0.094 ppm
    Root delay      : 0.024757780 seconds
    Root dispersion : 0.091295145 seconds
    Update interval : 1036.6 seconds
    Leap status     : Normal

A netstat -lun does show

    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    udp        0      0 127.0.0.1:323           0.0.0.0:*
    udp6       0      0 ::1:323                 :::*

The biggest question is why it is like this regarding the firewall, since I am pretty sure I did not explicitly open port 323.

Where should I look for how port 323udp gets opened with firewalld (in RHEL-7.9)? And where does chrony explicitly have port number = 323 defined?

/etc/firewalld/zones/public.xml has only this:

    Public
    For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
Asked by ron (8647 rep)
Jan 2, 2024, 09:05 PM
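
An added example, not part of the original post: both netstat lines in the question show 323/udp bound to 127.0.0.1 and ::1, and a socket bound only to loopback is not reachable from other hosts whatever ports the firewalld zone opens. The check below classifies UDP listeners from `netstat -lun` output as loopback-only or reachable on other addresses; the sample input is constructed (its third line is not from the post) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the first two sockets are the ones shown in the question;
# the third is a made-up line for a host that also serves NTP to other machines.
SAMPLE='Proto Recv-Q Send-Q Local Address  Foreign Address State
udp        0      0 127.0.0.1:323  0.0.0.0:*
udp6       0      0 ::1:323        :::*
udp        0      0 0.0.0.0:123    0.0.0.0:*'

# Read `netstat -lun` style lines on stdin and print one line per UDP socket:
#   <scope> <port> <bind-address>
# scope is "loopback" for 127.0.0.0/8 and ::1, "exposed" for anything else.
classify_udp_listeners() {
    awk '
        $1 ~ /^udp/ {
            la = $4                      # Local Address column, addr:port
            port = la
            sub(/^.*:/, "", port)        # keep the text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback"
            else
                scope = "exposed"
            print scope, port, addr
        }'
}

# Unique UDP ports bound to a non-loopback address, one per line. Only these
# depend on a firewalld service or port rule to be reachable by remote hosts.
exposed_udp_ports() {
    classify_udp_listeners | awk '$1 == "exposed" { print $2 }' | sort -un
}

printf '%s\n' "$SAMPLE" | classify_udp_listeners
```

On a live host, pipe the real output in instead of the sample: `netstat -lun | classify_udp_listeners`.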