You can use the expiretable port (/usr/ports/security/expiretable) to flush the table of entries older than a certain time:
Code:
# Every 5 minutes, clean out the bruteforce pf table of entries older than 1 hour
*/5 * * * * root /usr/local/sbin/expiretable -t 3600 ssh-bruteforce