I would not use rdr-to, as that is designed for port forwarding. Instead, I would simply block the traffic by default, and use pass rules in the auth-pf anchor to pass the desired traffic. The example in the PF User's Guide uses pass rules for the anchor set.
For more specific help, please post your PF ruleset, and your authpf anchor rules. (You should redact any "real" Internet network addresses to maintain privacy.)
|