The issue is that you will have to find a way to tag the traffic with destination public Internet. In your case traffic entering the internal interface can have three destinations: Internet, DMZ net or the address of the external interface.
Code:
# internal LAN to DMZ traffic (dangerous!)
pass in quick on $int from $int:network to $dmz:network tag LAN2DMZ
# only needed e.g. to ping the external interface, so no tag needed here
pass in quick on $int from $int:network to $ext
# the remaining traffic not passed yet is from the internal LAN to the INTERNET
pass in quick on $int from $int:network to any tag LAN2INET
EDIT: Note that normally pf follows a "last match wins" strategy. The only way to circumvent this strategy is to use
quick. That way the rule will be applied immediately, and no other alternative rules will be sought for and tried.
You could try this approach.
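As an added example (not part of the poster's rule set), here is the same classification embedded in a complete, default-deny pf.conf, with the tags consumed on the outbound interfaces so that only traffic classified on the way in is allowed out. The interface names em0/em1/em2 are assumptions; the macro names and tags are the ones used above.

```pf
# --- assumed interface assignment (constructed for this example) ---
ext = "em0"    # public Internet
int = "em1"    # internal LAN
dmz = "em2"    # DMZ

set skip on lo

# default deny; everything below must be matched explicitly
block log all

# Classify traffic entering the internal interface. Because pf is
# "last match wins", each rule needs "quick" so the more specific
# destination wins over the catch-all "to any" rule that follows it.

# internal LAN to DMZ traffic (dangerous!)
pass in quick on $int from $int:network to $dmz:network tag LAN2DMZ

# only needed e.g. to ping the external interface, so no tag needed here
pass in quick on $int from $int:network to $ext

# the remaining traffic not passed yet is from the internal LAN to the INTERNET
pass in quick on $int from $int:network to any tag LAN2INET

# Consume the tags on the way out. The tag is stored with the state,
# so "tagged" lets the outbound interface enforce the classification
# instead of re-deriving it from addresses. Anything leaving these
# interfaces without the expected tag falls through to "block log all".
pass out quick on $dmz tagged LAN2DMZ
pass out quick on $ext tagged LAN2INET
```

Check the syntax without loading it with pfctl -nf /etc/pf.conf before activating the rule set.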