The Captive Portal function in pfSense allows you to secure a network by requiring a username and password (or just a click through), entered on a portal page.
If you are using authentication, this can be performed using pfSense's built-in user management, or an external authentication server such as a RADIUS server.
The best source of captive portal information can be found in the pfSense book.
There are several tabs available for the captive portal setup, each described below:
General management of captive portal setup and authentication. Each option is described in detail on the page
Allows you to manage a list of MAC addresses which are allowed to bypass the portal.
When specified by MAC address in this way, the client's IP address may change and they will still be allowed through. However, the client will still be disconnected after the captive portal timeout period has elapsed.
Allows you to manage a list of IP addresses which can either:
These IP addresses will bypass the portal authentication in the direction specified.
One-time use portal access codes, described in more detail in: Captive Portal Vouchers.
Lets you manage the files which can be used to make up the contents of the captive portal authentication/click-through page.
On pfSense 2.1, Captive Portal zones allow for the creation of separate, independent portals that operate on one or more separate interfaces. For example, there could be a zone for Wireless and a zone for Wired. Each zone has a completely isolated set of pages, configuration, users, etc.
One zone may by used by multiple interfaces, but only one zone may be used per interface.