Here's a PF configuration suggestion, as a follow-up. Use PF's anchor facility.
- Set your standard, default configuration to block the subnet.
- Add an anchor where transient pass rules would be applied.
- Add cron jobs to add and remove the anchor rules.

On boot, access would be blocked as you desire. You could manually execute the scripts to add or remove the anchor rules outside the cron(8) schedule.
See http://www.openbsd.org/faq/pf/anchors.html
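The setup described above, as an added example that is not part of the original post: a single script that cron(8) calls with `open` or `close`, with the matching pf.conf and crontab lines shown in comments. The anchor name, subnet, script path and schedule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed); not from the original post.
# Assumed names: anchor "timed_access", subnet 192.0.2.0/24 (documentation range).
#
# /etc/pf.conf fragment: the state after boot is "blocked".
#   timed_net = "192.0.2.0/24"
#   block from $timed_net to any
#   anchor "timed_access"    # empty until filled; placed after the block so
#                            # its pass rule is the last match while loaded
#
# root crontab (times are placeholders):
#   0 18 * * *  /usr/local/sbin/timed_access.sh open
#   0 21 * * *  /usr/local/sbin/timed_access.sh close

ANCHOR="timed_access"
TIMED_NET="192.0.2.0/24"
PFCTL="${PFCTL:-pfctl}"      # overridable so the script can be dry-run

# Rules loaded into the anchor. Macros from the main ruleset are not
# visible to an anchor loaded this way, so the subnet is written out again.
anchor_rules() {
    printf 'pass from %s to any\n' "$TIMED_NET"
}

# Open the window: load the transient pass rule into the anchor.
anchor_open() {
    anchor_rules | $PFCTL -a "$ANCHOR" -f -
}

# Close the window: flush the anchor, then kill states from the subnet.
# Flushing rules alone leaves established connections passing traffic.
anchor_close() {
    $PFCTL -a "$ANCHOR" -F rules
    $PFCTL -k "$TIMED_NET"
}

case "${1:-}" in
    open)  anchor_open ;;
    close) anchor_close ;;
esac
```

`pfctl -a timed_access -s rules` shows whether the pass rule is currently loaded.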