If your setup does not conform to spec - debug
First thing to check: is PF enabled?
$ ~$ sudo pfctl -si | grep Status Status: Enabled for 1 days 21:40:16 Debug: err
Does enabling/disabling PF make a difference?
Do a ruleset walkthrough, based on pfctl -s rules output
$ sudo pfctl -sr block return log all block return log quick from <abusive_hosts> to any match in all scrub (no-df max-mss 1440) anchor "ftp-proxy/*" all