> Does this mean that the upgrade from ascii to beowulf is not transparent
> and that I risk losing the iptables on my front-end machine when I do it?

That is precisely what happened to me, for unclear reasons.
Cannot say if this is systematic, or if I fell upon a specific use case
trap.

Manually save your rules, as in: do not merely rely on you if-pre-up.d/
& if-post-down.d/ scripts.

As stated before, you'll always be able to restore exported rules, as
nftables keeps backwards-compatible tools allowing to load your saved
rulesets from iptables.
It *might* just not happen automatically during the upgrade process, as
I experienced.

Bernard Rosset
https://rosset.net/