Scott,
Your page does have an interesting ... well, to use Mr. Hansteen's words,
unix trick. A cron job to automatically disable PF while modifying a remote server is something I would not have considered. In my case, I don't normally need it -- my remote firewalls are paired and coupled together by null-modem cables, which mitigates the risk of finger fumbles on one of them.
I note you recommend the OpenBSD PF Users' Guide. There has been
significant divergence since FreeBSD last forked PF, and significant syntax change.
The FreeBSD Handbook (29.3) warns about the version differences, but does not tell the reader that they could obtain an HTML extraction of the PF Users' Guide that matches the FreeBSD version being used. I'm a little surprised no one has bothered to do that for Handbook readers.
You might consider adding these older guides to your page, since they're not in the Handbook.
For example, to obtain the OpenBSD 4.1-release and 4.5-release versions of the User's Guide, something like these should work, though I have not tested the command. I selected the day following each release, and an AnonCVS server in Canada, though a nearer server will be faster, see the list at
http://www.openbsd.org/anoncvs.html
For 4.1:
$ cvs -d anoncvs@anoncvs1.ca.openbsd.org:/cvs get -D "May 2, 2007" www/faq/pf
For 4.5:
$ cvs -d anoncvs@anoncvs1.ca.openbsd.org:/cvs get -D "May 2, 2009" www/faq/pf