So in the other old thread on this forum which I had resurrected, unman told me that the right syntax is:
nft insert rule qubes custom-input tcp dport XX accept
This puts my rule into the custom-input chain in the qubes ip table.
On the other hand, using the old compatibility iptables interface (like I had been) puts my rule in the INPUT chain in the qubes ip table, which I guess is bypassed with the new qubes nft rules.
This situation is almost covered in the docs here: Firewall — Qubes OS Documentation but I ignored it because the example has a full-on firewall qube between the client and server qubes which I don’t have.