You posted your changes in excerpt form, rather than as a complete ruleset, so it is difficult for me to see what has changed. If you post a complete ruleset, at least we will be comparing results of the same exact rules. I have only tested the rules you posted at the top of this thread.
Some additional thoughts.
- You have separated your inward and outward traffic flows into separate rules. You may have noted that I reported that each state I established required two pass rules instead of one -- a pass in rule and a separate pass out rule. This makes it difficult to understand and then debug your ruleset. For clarity and simplicity, you should try to specify the end-to-end state you wish to establish in a single rule. (Granted, this isn't always possible. Rules with port number definitions must specify proto tcp and/or udp, so they must be defined separately from rules for other protocols.)
- If your initially stated goals (1a through 2b) in the top post have not changed, I could draft a minimal example ruleset to meet them. I wouldn't use your current ruleset, and am unlikely to use any quick rules. Let me know if this is of any interest.
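The point about describing an end-to-end state in one rule, as an added pf.conf illustration that is not the poster's ruleset or the ruleset under discussion (the interface names, the LAN prefix and the allowed ports are assumptions):

```pf
# Added example, not from the thread: the same goal written two ways.
# Interface names, the LAN prefix and the ports below are assumptions.
ext_if  = "em0"
int_if  = "em1"
int_net = "192.168.1.0/24"

# Default deny first; log what is blocked so rule debugging has evidence.
block log all

# Version A: inward and outward flows split into separate rules.
# Every flow needs a matching pair, and it is hard to see which
# pass in belongs to which pass out when the ruleset grows.
# pass in  on $int_if proto tcp from $int_net to any port { 80 443 }
# pass out on $ext_if proto tcp from $int_net to any port { 80 443 }

# Version B: one rule describes the end-to-end state. pf keeps state by
# default, and with the default floating state policy the state created
# on $int_if also matches the same connection as it leaves on $ext_if,
# so no separate pass out rule is needed for the forwarded flow.
pass in on $int_if proto tcp from $int_net to any port { 80 443 }

# Port-based rules must name proto tcp or udp, so traffic for other
# protocols is written as its own rule, e.g. outbound ping from the LAN.
pass in on $int_if inet proto icmp from $int_net to any icmp-type echoreq
```

Version B only collapses to a single rule because states float across interfaces; if a ruleset sets `set state-policy if-bound`, the outbound leg on `$ext_if` needs its own pass rule again, which is one way a ruleset ends up looking like Version A. `pfctl -s states` after a test connection shows whether one rule produced the expected state entry.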