by samoa42 2292 days ago
NAT is stateful. If there is no state for the connection, it's probably denied.
1 comments

No, it isn't, on both counts.

First, NAT is not necessarily stateful; just the common home router PAT or the telco CGNAT varieties of NAT are.

Second, NAT does not filter; that is what a firewall does. NAT only rewrites addresses. If there is no state for a connection in a stateful NAT, it looks up whether there are any rules for how to rewrite that connection, then adds a NAT state entry that specifies how to rewrite that connection (including, potentially, not at all), and in any case the (potentially rewritten) packet then gets forwarded--unless a firewall drops it.
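
The lookup order described in the reply above, as a toy model (an added example, not part of either comment and not any real NAT implementation). The addresses, the `masquerade` rule, and the choice to evaluate `wan_filter` on the packet as received are all assumptions made for illustration; source ports are kept unchanged for simplicity.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

PUBLIC = "203.0.113.1"                      # constructed router WAN address

def inside(addr):
    return addr.startswith("192.168.1.")    # constructed LAN, 192.168.1.0/24

def masquerade(pkt):
    """NAT rule: rewrite the source of LAN traffic; return state entries or None."""
    if not inside(pkt.src):
        return None
    reply = Packet(pkt.dst, pkt.dport, PUBLIC, pkt.sport)
    return {pkt: pkt._replace(src=PUBLIC),          # outbound direction
            reply: reply._replace(dst=pkt.src)}     # matching reply direction

class StatefulNat:
    def __init__(self, rules):
        self.rules, self.state = rules, {}

    def translate(self, pkt):
        if pkt not in self.state:                   # no state: consult the rules
            hits = (rule(pkt) for rule in self.rules)
            entries = next((e for e in hits if e), None)
            self.state.update(entries or {pkt: pkt})  # no rule: entry says "unchanged"
        return self.state[pkt]                      # NAT itself never drops anything

def wan_filter(pkt):
    """Firewall rule: refuse packets from outside addressed straight to the LAN."""
    return inside(pkt.src) or not inside(pkt.dst)

def forward(nat, pkt, firewall=None):
    """Return the packet leaving the router, or None if the firewall dropped it."""
    if firewall is not None and not firewall(pkt):
        return None
    return nat.translate(pkt)

if __name__ == "__main__":
    stray = Packet("198.51.100.99", 5555, "192.168.1.10", 22)      # constructed
    print(forward(StatefulNat([masquerade]), stray))               # forwarded as-is
    print(forward(StatefulNat([masquerade]), stray, wan_filter))   # None
```

Without `wan_filter`, the stateless-to-NAT packet addressed to a LAN host is forwarded unmodified and gains an "unchanged" state entry; only the separate filter stage drops it.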