PF No packet redirection through localhost to podman container

[override]

Hi,
I have been searching for a while for solution of my problem but found none.

I start by provading my /etc/pf.conf:

ext_if = "lagg0"
int_if = "vm0"
localnet = $int_if:network

table <cni-nat> persist

scrub in all fragment reassemble no-df max-mss 1440

nat on $ext_if inet from { self, $localnet } to any -> ($ext_if) static-port
nat on $ext_if inet from <cni-nat> to any -> ($ext_if) static-port

nat-anchor "vpn/*"
nat-anchor "cni-rdr/*"

rdr-anchor "vpn/*"
rdr-anchor "cni-rdr/*"

block all

pass proto icmp

anchor "vpn/*"
anchor "cni-rdr/*"

pass in on $ext_if proto tcp from $ext_if:network to any port 2049 flags S/SA keep state
pass in on $ext_if proto { tcp, udp } from $ext_if:network to any port 7745

pass from { self, $localnet } to any keep state
pass from <cni-nat> to any keep state

/etc/sysctl.conf contains net.pf.filter_local=1.

After system restart, host have access to network resources but can't connect to application in container through localhost.
After restarting pf service I can access application in container using localhost but any other connection
is blocked by firewall (checked by block log all).
Loading configuration by pfctl -vf /etc/pf.conf change nothing in either of cases.

I had also tested example configuration with the same results.

P.S. Commands I have been using for connection testing
podman run --rm --name freebsd -p 8080:8080 -it ghcr.io/freebsd/freebsd-toolchain:15.0 nc -l 8080
for container and nc localhost 8080 for client