I've analyzed the situation on Jammy, Impish and Focal and got the following result:

Jammy+Impish:
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.default.rp_filter = 2 => shadowed but equal value
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2 => shadows default.rp_filter & all.rp_filter (equal value)
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.conf.all.rp_filter
/usr/lib/sysctl.d/50-default.conf:kernel.sysrq = 16

Focal (shadowed, but equal value):
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

So the critical ones seem to be kernel.sysrq = 16 and the removal of -net.ipv4.conf.all.rp_filter

Settings shipped by procps:

Jammy:
root@jj:~# grep -v '^\s*$\|^\s*\#' -R /etc/sysctl.* # (excluding README.sysctl)
/etc/sysctl.d/10-zeropage.conf:vm.mmap_min_addr = 65536
/etc/sysctl.d/10-network-security.conf:net.ipv4.conf.default.rp_filter=2
/etc/sysctl.d/10-network-security.conf:net.ipv4.conf.all.rp_filter=2
/etc/sysctl.d/10-kernel-hardening.conf:kernel.kptr_restrict = 1
/etc/sysctl.d/99-cloudimg-ipv6.conf:net.ipv6.conf.all.use_tempaddr = 0
/etc/sysctl.d/99-cloudimg-ipv6.conf:net.ipv6.conf.default.use_tempaddr = 0
/etc/sysctl.d/10-ptrace.conf:kernel.yama.ptrace_scope = 1
/etc/sysctl.d/10-console-messages.conf:kernel.printk = 4 4 1 7
/etc/sysctl.d/10-ipv6-privacy.conf:net.ipv6.conf.all.use_tempaddr = 2
/etc/sysctl.d/10-ipv6-privacy.conf:net.ipv6.conf.default.use_tempaddr = 2
/etc/sysctl.d/10-magic-sysrq.conf:kernel.sysrq = 176

Impish:
- same as Jammy

Focal:
- same as Jammy, plus:
/etc/sysctl.d/10-link-restrictions.conf:fs.protected_hardlinks = 1
/etc/sysctl.d/10-link-restrictions.conf:fs.protected_symlinks = 1

Settings shipped by systemd:

Jammy:
root@jj:~# grep -v '^\s*$\|^\s*\#' -R /usr/lib/sysctl*
/usr/lib/sysctl.d/50-default.conf:kernel.sysrq = 16
/usr/lib/sysctl.d/50-default.conf:kernel.core_uses_pid = 1
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.default.rp_filter = 2
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.conf.all.rp_filter
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.default.accept_source_route = 0
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.accept_source_route = 0
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.conf.all.accept_source_route
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.default.promote_secondaries = 1
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.promote_secondaries = 1
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.conf.all.promote_secondaries
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.ping_group_range = 0 2147483647
/usr/lib/sysctl.d/50-default.conf:-net.core.default_qdisc = fq_codel
/usr/lib/sysctl.d/50-default.conf:fs.protected_hardlinks = 1
/usr/lib/sysctl.d/50-default.conf:fs.protected_symlinks = 1
/usr/lib/sysctl.d/50-default.conf:fs.protected_regular = 1
/usr/lib/sysctl.d/50-default.conf:fs.protected_fifos = 1
/usr/lib/sysctl.d/50-pid-max.conf:kernel.pid_max = 4194304

Impish:
- same as Jammy

Focal:
root@ff:~# grep -v '^\s*$\|^\s*\#' -R /usr/lib/sysctl*
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.default.promote_secondaries = 1
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.promote_secondaries = 1
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.conf.all.promote_secondaries
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.ping_group_range = 0 2147483647
/usr/lib/sysctl.d/50-default.conf:net.core.default_qdisc = fq_codel
/usr/lib/sysctl.d/50-default.conf:fs.protected_regular = 1
/usr/lib/sysctl.d/50-default.conf:fs.protected_fifos = 1
/usr/lib/sysctl.d/50-pid-max.conf:kernel.pid_max = 4194304
/usr/lib/sysctl.d/protect-links.conf:fs.protected_fifos = 1
/usr/lib/sysctl.d/protect-links.conf:fs.protected_hardlinks = 1
/usr/lib/sysctl.d/protect-links.conf:fs.protected_regular = 2
/usr/lib/sysctl.d/protect-links.conf:fs.protected_symlinks = 1

=> Focal changes:
fs.protected_regular = 2
net.core.default_qdisc = fq_codel
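
Added example (not part of the original comment and not code from procps or systemd): a small checker that takes grep-style "path:key = value" lines like the listings above and reports which explicit keys are shadowed by a later file, and whether the value changes. It assumes the ordering documented in sysctl.d(5), where files are processed by file name regardless of directory and the last assignment wins; glob and "-" exclusion lines are skipped, and the names JAMMY, parse and shadow_report are hypothetical.

```python
import os
import re

# Constructed sample: a subset of the explicit-key lines from the Jammy
# listings on this page (procps files in /etc, systemd files in /usr/lib).
JAMMY = """\
/etc/sysctl.d/10-network-security.conf:net.ipv4.conf.default.rp_filter=2
/etc/sysctl.d/10-network-security.conf:net.ipv4.conf.all.rp_filter=2
/etc/sysctl.d/99-cloudimg-ipv6.conf:net.ipv6.conf.all.use_tempaddr = 0
/etc/sysctl.d/10-ipv6-privacy.conf:net.ipv6.conf.all.use_tempaddr = 2
/etc/sysctl.d/10-magic-sysrq.conf:kernel.sysrq = 176
/usr/lib/sysctl.d/50-default.conf:kernel.sysrq = 16
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.default.rp_filter = 2
/usr/lib/sysctl.d/50-default.conf:net.ipv4.conf.*.rp_filter = 2
/usr/lib/sysctl.d/50-default.conf:-net.ipv4.conf.all.rp_filter
"""

LINE = re.compile(r"^(?P<path>[^:]+):(?P<key>[^=\s]+)\s*=\s*(?P<value>.*\S)\s*$")

def parse(listing):
    """Yield (path, key, value) for explicit assignments only."""
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # no "=": e.g. the "-net.ipv4.conf.all.rp_filter" exclusion
        key = m["key"]
        if key.startswith("-") or any(c in key for c in "*?["):
            continue  # "-" prefixed and glob keys are out of scope here
        yield m["path"], key, m["value"]

def shadow_report(listing):
    """Return (effective, shadowed): effective maps key -> (path, value);
    shadowed lists (key, old_path, old_value, new_path, new_value, changed)."""
    # Assumption (sysctl.d(5)): order by file name, not directory; last wins.
    # sorted() is stable, so lines from one file keep their original order.
    entries = sorted(parse(listing), key=lambda e: os.path.basename(e[0]))
    effective, shadowed = {}, []
    for path, key, value in entries:
        if key in effective:
            old_path, old_value = effective[key]
            shadowed.append((key, old_path, old_value, path, value, old_value != value))
        effective[key] = (path, value)
    return effective, shadowed

if __name__ == "__main__":
    for key, old_p, old_v, new_p, new_v, changed in shadow_report(JAMMY)[1]:
        tag = "CHANGED" if changed else "equal"
        print(f"{key}: {old_v} ({old_p}) -> {new_v} ({new_p}) [{tag}]")
```

Same-named files in /etc and /usr/lib (where the /etc copy replaces the other entirely) do not occur in these listings and are not handled.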