Since we are still pre-rollout, I want the new defaults to work, i.e. build the orchestration for nftables and not rely on the shim.
A key observation I made is that while iptables mostly smoothly translates basic filter rules back and forth, rules relevant to LXD completely fail to show up with the usual commands. For example, `iptables-save -t nat` no longer represents all nat rules. This is due to LXD putting them in its own table (`table inet lxd`) rather than the system default table (`table ip nat`). This was not documented in release notes, so I completely missed it when designing the updates for our installer.
And as a correction to my comment above, ufw does not generate rules for legacy iptables in parallel. I was simply confused by the fact that the rules reside in separate tables, of which iptables only shows the one with ufw-generated rules.
Now I just have to figure out why the same proxy device declarations no longer work on 22.04 with nftables.
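As an added check illustrating the table-visibility point above (this is example code, not part of the post or of LXD/ufw): iptables-nft and ip6tables-nft only work on `ip`/`ip6` family tables with the legacy names (filter, nat, mangle, raw, security), so anything in an `inet` family table such as `table inet lxd` never appears in `iptables-save` output. The script below takes the output of `nft list tables` and reports which tables are hidden from iptables-save. The `iptables_visible` and `hidden_from_iptables` functions and the `SAMPLE_TABLES` text are constructed for this example; on a real host, pass `"$(nft list tables)"` instead (needs root and the nftables package).

```shell
#!/bin/sh
# Constructed sample of `nft list tables` output on a host running
# ufw (iptables-nft backend) alongside LXD. Not captured from a real machine.
SAMPLE_TABLES='table ip filter
table ip nat
table ip6 filter
table inet lxd'

# iptables-nft (family ip) and ip6tables-nft (family ip6) only manage and
# display tables with the five legacy names; everything else is invisible
# to iptables-save / ip6tables-save. Usage: iptables_visible FAMILY NAME
iptables_visible() {
    fam=$1
    name=$2
    case "$fam" in
        ip|ip6) ;;
        *) return 1 ;;
    esac
    case "$name" in
        filter|nat|mangle|raw|security) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "FAMILY NAME" for every table in the given `nft list tables` output
# that iptables-save / ip6tables-save will NOT show.
hidden_from_iptables() {
    printf '%s\n' "$1" | while read -r kw fam name; do
        [ "$kw" = "table" ] || continue
        if ! iptables_visible "$fam" "$name"; then
            printf '%s %s\n' "$fam" "$name"
        fi
    done
}

# Live use on a host (root required):
#   hidden_from_iptables "$(nft list tables)"
# and then inspect a hidden table directly, e.g.:
#   nft list table inet lxd
hidden_from_iptables "$SAMPLE_TABLES"
```

Run against the constructed sample this prints only `inet lxd`; the `ip nat` and `ip filter` tables are the ones `iptables-save` already shows. The same `nft list table inet lxd` view is where the LXD proxy-device rules land, so it is the first place to look when they seem to be missing.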