accrual 2 hours ago

I manage a pf.conf with about 400 rules across a dozen VLANs; I find it intuitive and even enjoyable to work on. It feels kinda like editing source code - there are some host, network, and port declarations at the top, a section for NAT and egress, then a section for each VLAN that contains the pass in/pass out rules.

I tail the pflog0 interface in a tmux session so I can keep an eye on pass/block, and also keep a handy function in my .profile to make it easy to edit the ruleset and reload:

    # edit the ruleset, reload it (pfctl -f parses the whole file and only
    # replaces the live ruleset if it is valid), then report the rule count
    pfedit() {
            vi /etc/pf.conf && \
            pfctl -f /etc/pf.conf && \
            { c=$(pfctl -s rules | wc -l | tr -d ' '); printf 'loaded %s rules\n' "$c"; }
    }

This opens the file for editing, reloads the ruleset (which also validates it), then returns the rule count if successful.
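As an added example (not the commenter's function), the same edit-and-reload flow split so that the editor works on a scratch copy, the copy is dry-run parsed with `pfctl -nf`, and only a copy that parses is installed over the live file and loaded; the `PFCTL`, `PF_CONF`, `EDITOR` overrides and the `pf_*` helper names are assumptions so the functions can be exercised against a stub instead of a real firewall:

```shell
#!/bin/sh
# Added example, not the commenter's code. PFCTL and PF_CONF are hypothetical
# overrides so the functions can run against a stub pfctl in a test.
PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
EDITOR="${EDITOR:-vi}"

# pf_validate FILE: parse FILE without loading it; exit status is pfctl's
pf_validate() {
    "$PFCTL" -nf "$1"
}

# pf_rule_count: number of filter rules currently loaded in the kernel
pf_rule_count() {
    "$PFCTL" -s rules | wc -l | tr -d ' '
}

# pf_install FILE: dry-run FILE, back up the live config with a timestamp,
# copy FILE over it and load it. On a parse error nothing is touched and
# the function returns non-zero.
pf_install() {
    new="$1"
    pf_validate "$new" || {
        printf 'not loaded: %s failed to parse\n' "$new" >&2
        return 1
    }
    cp -p "$PF_CONF" "$PF_CONF.bak.$(date +%Y%m%d%H%M%S)" && \
    cp "$new" "$PF_CONF" && \
    "$PFCTL" -f "$PF_CONF" && \
    printf 'loaded %s rules\n' "$(pf_rule_count)"
}

# pfedit: interactive front end. The live file is never left half-edited or
# unparsable, because the editor only ever sees the scratch copy.
pfedit() {
    tmp=$(mktemp) || return 1
    cp "$PF_CONF" "$tmp" && "$EDITOR" "$tmp" && pf_install "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```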