pf: Dynamically add rule to nat-anchor

3 votes
2 answers
1657 views
I connect to a Cisco VPN Server and want to share that connection via wifi. Using the macOS Internet Sharing feature, I can only select one interface to share - either my LAN adapter, or the VPN connection. Clients on the wifi can then only connect to either the iNet, or the VPN. The VPN Server is only creating a split-tunnel connection - and switching to full tunnel is unfortunately not an option. Setting my nat rules directly in /etc/pf.conf/ works fine and solves my problem to a degree. I want to script and dynamically add them using a nat-anchor. Setting the anchor with load for an external config works, however when I define my anchor in pf.conf and try to populate my rules using pfctl like so:
echo "
nat on en8 from bridge100:network to any -> (en8)
nat on utun1 from bridge100:network to any -> (utun1)" | pfctl -a my.anchor -f -
or as a one-liner:
echo -e "nat on en8 from bridge100:network to any -> (en8)\nnat on utun1 from bridge100:network to any -> (utun1)\n" | pfctl -a my.anchor -f -
(w/ or w/o the trailing \n) I can confirm that the rules are set on my anchor using pfctl -sn -a my.anchor but the actual routing remains unchanged. What am I doing wrong here?
Asked by CygnusOlor (31 rep)
Mar 30, 2020, 03:04 AM
Last activity: Jul 15, 2025, 01:05 PM