
Nmap showing open ports although nftables is configured to drop

0 votes
0 answers
103 views
On a fresh Debian 12 install, I have the following nftables configuration that I believe does the following when activated:
- traffic from localhost accepted
- established/related traffic accepted
- TCP traffic via port 22 accepted
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;

                # accept any localhost traffic
                iifname lo accept

                # accept traffic originated from us
                ct state established,related accept

                # accept inbound SSH
                tcp dport 22 accept
        }

        chain forward {
                # Drop everything (assumes this device is not a router)
                type filter hook forward priority 0; policy drop;
        }
}
Note that to switch from the configuration with rules to the one without rules, I first run systemctl restart nftables, and then verify the rules being applied with nft list ruleset. Consider the case with the rules applied: I expect nmap to show only port 22 as open. However, I get the following:
$ nmap 
Starting Nmap 7.92 ( https://nmap.org  ) at 2024-10-17 10:46 CEST
Nmap scan report for  ()
Host is up (0.043s latency).
Not shown: 990 filtered tcp ports (no-response)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
82/tcp   open  xfer
84/tcp   open  ctf
85/tcp   open  mit-ml-dev
443/tcp  open  https
554/tcp  open  rtsp
1723/tcp open  pptp
5060/tcp open  sip

Nmap done: 1 IP address (1 host up) scanned in 8.25 seconds
Is the nftables configuration not doing what I think it does? Is it me not understanding what nmap outputs?
Asked by David (111 rep)
Oct 17, 2024, 09:12 AM
Last activity: Oct 17, 2024, 09:30 AM
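The first check a practitioner would make here is whether the ports nmap calls "open" actually have a listener behind them on the scanned host: an "open" result only means a SYN/ACK came back, and a SYN/ACK can originate from the host's kernel or from a device on the path rather than from a service the ruleset let through. The script below is an added example, not code from the question or from Debian or nftables; it compares nmap's normal output with `ss -Hltn` output from the target and lists the ports nmap reports open that nothing on the host listens on. The address 192.0.2.10, the port set and both command outputs are constructed sample data modelled on the scan in the question.

```shell
#!/bin/sh
# Added example (not from the original post): compare the TCP ports nmap reports
# as "open" with the listeners actually present on the scanned host.
# An "open" port with no listener behind it was answered by something other
# than a service on the host: the kernel, or a device between scanner and host.
# Host address, ports and both command outputs below are constructed sample data.

# Open TCP ports from nmap's normal output (read on stdin), one per line.
nmap_open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { sub(/\/tcp$/, "", $1); print $1 }'
}

# Listening TCP ports from `ss -Hltn` output (read on stdin), de-duplicated.
# Column 4 is Local Address:Port; the port is whatever follows the last colon,
# which also handles IPv6 forms such as [::]:22.
ss_listen_ports() {
    awk '$4 != "" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1 = nmap output, $2 = `ss -Hltn` output (both passed as strings).
# Prints the ports nmap calls open that have no listener on the host.
unexplained_open_ports() {
    ss_tmp=$(mktemp) || return 1
    printf '%s\n' "$2" > "$ss_tmp"
    # First pass over the ss file builds the set of listening ports; second pass
    # (stdin, "-") walks nmap's port table and prints ports missing from that set.
    printf '%s\n' "$1" | awk -v ssfile="$ss_tmp" '
        FILENAME == ssfile { if ($4 != "") { n = split($4, a, ":"); listen[a[n]] = 1 }; next }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            sub(/\/tcp$/, "", $1)
            if (!($1 in listen)) print $1
        }' "$ss_tmp" -
    rm -f "$ss_tmp"
}

# Constructed sample scan, shortened from the question's output.
SAMPLE_NMAP='Starting Nmap 7.92 ( https://nmap.org ) at 2024-10-17 10:46 CEST
Nmap scan report for 192.0.2.10
Host is up (0.043s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT    STATE  SERVICE
21/tcp  open   ftp
22/tcp  open   ssh
25/tcp  closed smtp
80/tcp  open   http
443/tcp open   https

Nmap done: 1 IP address (1 host up) scanned in 8.25 seconds'

# Constructed `ss -Hltn` output from the target: sshd on 22, CUPS on loopback only.
SAMPLE_SS='LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*'

# Demo: with the sample data, 22 is explained by sshd; 21, 80 and 443 are not.
main() {
    printf 'nmap says open:    %s\n' "$(printf '%s\n' "$SAMPLE_NMAP" | nmap_open_ports | tr '\n' ' ')"
    printf 'host listens on:   %s\n' "$(printf '%s\n' "$SAMPLE_SS" | ss_listen_ports | tr '\n' ' ')"
    printf 'open, no listener: %s\n' "$(unexplained_open_ports "$SAMPLE_NMAP" "$SAMPLE_SS" | tr '\n' ' ')"
}

main
```

For a live check, feed it the real outputs: `unexplained_open_ports "$(nmap -Pn 192.0.2.10)" "$(ssh root@192.0.2.10 ss -Hltn)"`, with the nmap run from the scanning machine and ss run on the target. If the unexplained list is non-empty, confirm on the target with `tcpdump -ni eth0 'tcp[tcpflags] & tcp-syn != 0'` (interface name assumed) while the scan runs: SYNs that never arrive for those ports, yet show as open to the scanner, were answered by something on the path, and no nftables input rule on the host can change that result.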