The ftp-proxy in the recent versions of OpenBSD has been rewritten and is different from the old one that seems to be in FreeBSD 11.
Does this from the FreeBSD man page apply (because you use a "hardened" ruleset)?:
Code:
CAVEATS
pf(4) does not allow the ruleset to be modified if the system is running
at a securelevel(7) higher than 1. At that level ftp-proxy cannot add
rules to the anchors and FTP data connections may get blocked.
For debugging you also could use the
-D7 option.