Yep, so this comes up quite a bit, and is likely to get more common as more people (without knowing) move to nftables as they move to newer OSes.
See
and
But basically, if there is cause to drop/reject a packet in any of the nftables tables, then it will be dropped/rejected even if it's allowed in another table.
So LXD adds its allow rules to nftables in its own lxd table, but then your default reject rules in the INPUT and FORWARD chains of the main filter table take over and block the traffic.
So going back to what we said at the start, you need to configure your existing firewall traffic to allow the same rules (or more) of what LXD adds.
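
The situation described above, as an added example that is not part of the original post and is not LXD's own ruleset. It assumes a managed bridge named `lxdbr0` and a constructed host firewall in an `ip filter` table with drop policies. The bridge rules are an assumption about what LXD allows (DNS and DHCP to the host, forwarding to and from the bridge), so compare them with the lxd table in your own `nft list ruleset` output.

```nft
#!/usr/sbin/nft -f
# Constructed host firewall (assumption): table "ip filter" with drop policies.
#
# Why the accept in LXD's table is not enough: every base chain registered on
# a hook sees the packet. An accept only ends evaluation in that one chain,
# while a drop from any chain on the hook is final. Without the lxdbr0 rules
# below, instance traffic is accepted in the lxd table and then dropped by
# the policies here.

table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # Mirror of the lxd table (assumed): instances reach the DNS and
        # DHCP service that the host runs on the bridge.
        iifname "lxdbr0" udp dport { 53, 67 } accept
        iifname "lxdbr0" tcp dport 53 accept
    }

    chain FORWARD {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Mirror of the lxd table (assumed): traffic leaving the instances
        # through the bridge and traffic routed towards them.
        iifname "lxdbr0" accept
        oifname "lxdbr0" accept
    }
}
```

If your existing rules are managed by another tool (firewalld, ufw, iptables-nft), add the equivalent allow rules through that tool rather than loading this file next to it.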