Thanks for the suggestions. I've implemented points #1, #2, and #4.
I'm not sure about #3 because it contradicts Daniels page
http://www.benzedrine.cx/ackpri.html unless I'm missing something?
Also, When I implement the rule set and use pfctl -s rules the macro is not expanded?
# pfctl -sr
pass out on tun0 inet proto tcp from 196.2.19.32 to any flags S/SA keep state queue(q_def, q_pri)
pass in on tun0 inet proto tcp from any to 196.2.19.32 flags S/SA keep state queue(q_def, q_pri)
pass out quick on tun0 inet proto udp from 196.2.19.32 to any port 28960:29000 keep state queue q_cod
pass in quick on tun0 inet proto udp from any to 196.2.19.32 port 28960:29000 keep state queue q_cod