how to use sshd on lan interfaces only ?

[SirDice]

At this point I am an expert at locking myself out of ssh.

Been there, done that. Simple tip, put your new ruleset in /etc/pf.conf.new for example. Then if you do this remotely, pfctl -f /etc/pf.conf.new && sleep 60 && pfctl -f /etc/pf.conf
That will load your new ruleset, sleep for 60 seconds, then load the original again. If you've made a mistake and locked yourself out just wait 60 seconds for the original (working) ruleset to be loaded again.