Debugging your setup

If your setup does not conform to spec - debug

First thing to check: is PF enabled?

$ ~$ sudo pfctl -si | grep Status
Status: Enabled for 1 days 21:40:16              Debug: err

Does enabling/disabling PF make a difference?

Do a ruleset walkthrough, based on pfctl -s rules output

$ sudo pfctl -sr 
block return log all
block return log quick from <abusive_hosts> to any
match in all scrub (no-df max-mss 1440)
anchor "ftp-proxy/*" all