I’m not sure about it, but it could be that the routing from the LAN switch to the CPU ports is done via iptables:
You could also try to use iptables-save to store the current iptables rules and then remove a single rule and restore with iptables-restore, repeating until you have a minimal iptables ruleset that only contains basic rules, and then try to implement that in nftables.
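The rule-by-rule reduction suggested above, sketched as an added example that is not part of the original post: the helper names `sample_dump`, `count_rules` and `drop_rule`, the file paths in the comments and the sample dump (including the interface names `br-lan` and `eth0`) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from a real device).
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i br-lan -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# count_rules FILE: number of "-A" rule lines in the dump.
count_rules() {
    grep -c '^-A ' "$1"
}

# drop_rule FILE N: print the dump with the N-th "-A" rule removed.
# Table headers, chain policies and COMMIT lines are left intact so the
# result is still valid input for iptables-restore.
drop_rule() {
    awk -v n="$2" '/^-A / { if (++i == n) next } { print }' "$1"
}

# One reduction step on the device (needs root, so it is left commented out):
#   iptables-save > /tmp/full.rules            # keep the full set for rollback
#   drop_rule /tmp/full.rules 2 > /tmp/try.rules
#   iptables-restore --test /tmp/try.rules && iptables-restore /tmp/try.rules
#   ...check that LAN traffic still passes; if not:
#   iptables-restore /tmp/full.rules
# Once the set is minimal, translate it instead of rewriting it by hand:
#   iptables-restore-translate -f /tmp/try.rules > /tmp/min.nft
```

Run the steps from a console that does not depend on the rules being tested, since removing the wrong rule can cut off a remote session before the rollback is typed.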