In general, bear in mind that in a stateful firewall, the permissive rules are normally used to control only the process of creation of a new connection. So in order to be able to block already established connections and at the same time let mid-connection packets still be handled by just a single rule, you'd have to have several "accept established,related" rules with additional match conditions (matching on address lists or interface lists) and let the time conditions enable just one of them at any given time. Time conditions have the specialty of removing the rule from the internal chains outside the active time, so the packets are not matched against it at all.
If you use fasttracking, the above won't work as the fasttracked packets bypass firewall rules completely and most connections can survive a dropped packet now and then.
Plus if you wanted to have more than one time window, things would quickly get complicated.
So all in all I think scheduled scripts are a better way.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
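One possible arrangement of the time-conditioned "accept established,related" rules described in the post, as an added example that is not part of the original post. The list name `restricted`, the host address and the 08:00-20:00 window are constructed assumptions; the rules are meant to sit at the top of the forward chain, ahead of the rest of an existing ruleset.

```routeros
# Added example, not from the original post. List name, address and time window are constructed.
/ip firewall address-list
add list=restricted address=192.168.88.50 comment="constructed sample host"

/ip firewall filter
# Keep restricted hosts out of fasttrack, since fasttracked packets bypass the
# filter rules below (assumption: fasttrack is wanted for everything else).
add chain=forward action=fasttrack-connection connection-state=established,related \
    src-address-list=!restricted dst-address-list=!restricted \
    comment="fasttrack only connections not involving restricted hosts"

# Inside the window this single rule handles every mid-connection packet.
# Outside the window it is removed from the internal chain and is not evaluated.
add chain=forward action=accept connection-state=established,related \
    time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    comment="window open: accept all established,related"

# Outside the window, mid-connection packets are accepted only when neither
# endpoint is on the restricted list.
add chain=forward action=accept connection-state=established,related \
    src-address-list=!restricted dst-address-list=!restricted \
    comment="window closed: accept established,related for unrestricted hosts"

# Restricted hosts may open new connections only inside the window.
add chain=forward action=accept connection-state=new src-address-list=restricted \
    time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    comment="window open: new connections from restricted hosts"

# Whatever restricted traffic gets this far is outside the window, including
# packets of connections that were established while the window was open.
add chain=forward action=drop src-address-list=restricted \
    comment="window closed: drop traffic from restricted hosts"
add chain=forward action=drop dst-address-list=restricted \
    comment="window closed: drop traffic to restricted hosts"
```

Each additional time window needs its own copy of the two timed rules, which is the complication the post mentions for more than one window.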