firewalld blocking snmp replies

I'm relatively new to firewalld and this one has me banging my head against the wall :/

I have rules configured on my RHEL 8.6 box. I've allowed the application ports using a custom zone - works fine, traffic flowing, no issues.

I have a separate zone configured for "management traffic" - e.g. ssh, snmp, etc. I can SSH to the box with no issues.

My firewalld appears to be blocking the snmp REPLY back to the monitoring server. Using tcpdump, I see the traffic coming into the server on port 161 (as expected) - but the server NEVER sends a reply. If I stop firewalld, then the SNMP reply goes through (so it's not an issue with the snmp config itself).

This one has me really stumped. I'm comparing the config to another machine that is working, and the configs match up.

Any suggestions of where to look would be greatly appreciated!
