Outbound manual nat rules could break CARP
If user create manual outbound rules with source any it can break carp protocol.
Prevent this by adding protection no nat/rdr rules so those generic rules do not break the carp protocol.
Probably since this is skipped already even in filtering the same fix as for pfsync should be done, just do not send outgoing packets of carp protocol to pf(4)!?