NAT state expires too quickly

[ajr]

Hi,

I'm new to the forum and I started with OPNsense a week ago, but had experience with PF on OpenBSD.
By the way the PF GUI of OPNsense is very nice and seems to cover everything, I can do per CLI.

My problem: I'm seeing :

15:18:49.578790 00:0d:b9:48:5c:1d > cc:ce:1e:b3:75:7f, ethertype IPv4 (0x0800), length 93: (tos 0x0, ttl 63, id 10937, offset 0, flags [none], proto UDP (17), length 79)
    192.168.178.11.12183 > 216.239.36.102.53: 28605+ [1au] A? python.org. (51)
15:18:49.616477 cc:ce:1e:b3:75:7f > 00:0d:b9:48:5c:1d, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 60, id 41050, offset 0, flags [none], proto UDP (17), length 100)
    216.239.36.102.53 > 192.168.178.11.12183: 28605 Refused- 0/0/1 (72)

The dns query comes in from a vlan with a private net and is being NATed on the WAN interface.
However the answer gets "refused".
So why is the state gone?
Shouldn't all packets in the NATed flow allow to pass w/o any rule?
This is the WAN interface (igb1 on my pcengines APU)

I did not change settings and automatic rules.

ping to the remote host flows as expected. However, I have a floating rule to allow ICMP queries from any to any.

Please advice.