it has to be within some limit, i forget exactly, maybe it's an hour, maybe 6, not sure, but they don't have to be monotonic. this is to deal with the edge case where a miner's clock is wrong but the solution is valid and is a valid candidate for a next block.

timestamps are really only superficial elements in blocks but provide what is called "weak synchrony" to the chain, which it needs in order to govern difficulty for the block emission rate target. the Verge blockchain tried to create a time consensus scheme to eliminate this case and because of it, it had a successful timewarp attack where the attacker stopped the clock and spewed new blocks that all clients accepted. the chances of one rogue miner getting more than a few blocks in a row are nearly zero so it isn't therefore possible to break the weak synchrony of bitcoin using this case, it entirely depends for its security on the astronomical hashpower required to beat the competing miners who mostly are not malicious. i think the p2p network also will react to bogus block submissions if they happen repeatedly by disconnecting from the node that does it too, i'm not 100% sure on this though.

if someone could muster like 20% of hash power they could use this to break bitcoin but that would be impossible logistically in the market. such aggressive demand for ASICs would raise the price dramatically, stopping this from happening.

there's probably more details you can find out in discussions about the hypothetical timewarp attack on bitcoin but functionally, permitting a limited divergence from monotonic block timestamps is part of the mitigation that Satoshi designed.