NetBSD-Users archive
conditional nat using ! negation
Hello,
I am trying to achieve negation for npf firewall rules, but it seems like
it is not working and is completely ignoring it. Or most likely I did
not figure out how to do it correctly.
I would like to nat traffic only to certain destinations NOT matching
specific subnets.
So for example, NAT any clients from 172.16.10.0/23, 172.16.1.0/24 to
any destination NOT matching 131.241.0.0/16, thus traffic to
131.241.0.0/16 is supposed to be routed and not NATed.
$pub_if = "vioif0"
map $pub_if dynamic any -> inet4($pub_if) pass family inet4 from {
172.16.10.0/23, 172.16.1.0/24 } to ! 131.241.0.0/16
but this is what "npfctl validate" or "npfctl show" is showing:
map vioif0 dynamic any -> 131.154.4.29 pass family inet4 from {
172.16.10.0/23, 172.16.1.0/24 } to 131.241.0.0/16
The negation mark (!) is ignored. This happens for any firewall rule
that I may need to write using negation (!).
I was used to PF, where achieving this is very easy.
According to the npf man page:
"The from and to keywords are provided to filter by source or destination
IP addresses. They can be used in conjunction with the port keyword.
Negation (the exclamation mark) can be used in front of the address
filter criteria."
However, I was not able to make it work, nor find any example.
Is anyone successfully using negation in firewall rules?
Best
Rick
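To see what the dropped "!" would do to the policy, here is an added example (not part of the post, and not npf code) that models the map rule as written versus as "npfctl show" printed it, and classifies a few constructed sample flows under each reading:

```python
from ipaddress import ip_address, ip_network

# Values taken from the rule in the post above.
SOURCES = [ip_network("172.16.10.0/23"), ip_network("172.16.1.0/24")]
DST_FILTER = ip_network("131.241.0.0/16")


def matches_map_rule(src, dst, negate_dst):
    """Return True if the flow (src, dst) would be translated by the map rule.

    negate_dst=True  models the rule as written:  'to ! 131.241.0.0/16'
    negate_dst=False models what npfctl show printed: 'to 131.241.0.0/16'
    """
    src, dst = ip_address(src), ip_address(dst)
    if not any(src in net for net in SOURCES):
        return False          # source not covered by the rule at all
    in_filter = dst in DST_FILTER
    return (not in_filter) if negate_dst else in_filter


def compare_policies(flows):
    """For each (src, dst) flow, return (src, dst, intended, effective, inverted).

    'intended' is the decision with negation honoured, 'effective' the
    decision if the negation is silently dropped.  Every flow from a
    covered source flips, i.e. the loaded policy is the inverse of the intent.
    """
    rows = []
    for src, dst in flows:
        intended = matches_map_rule(src, dst, negate_dst=True)
        effective = matches_map_rule(src, dst, negate_dst=False)
        rows.append((src, dst, intended, effective, intended != effective))
    return rows


# Constructed sample flows (not from the post).
SAMPLE_FLOWS = [
    ("172.16.10.5", "131.241.7.7"),      # should be routed, not NATed
    ("172.16.1.20", "8.8.8.8"),          # should be NATed
    ("10.0.0.1", "8.8.8.8"),             # source outside the rule
    ("172.16.11.200", "131.241.200.1"),  # inside /23, should be routed
]

if __name__ == "__main__":
    for row in compare_policies(SAMPLE_FLOWS):
        print("%-15s -> %-15s intended=%-5s effective=%-5s inverted=%s" % row)
```

Comparing the rule you wrote against what "npfctl show" reports is the practical check here: if the two disagree, the loaded ruleset does not implement the policy you intended.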