I have set up a pfSense Captive portal service witch blocks access for unauthorized users. Generally, without CP enabled, packets can pass away with no restriction.
The thing I want is to set the firewall in the way the traffic can pass only via CP rules. When I add a firewall rule that blocks everything at the end of the list, then authenticated users cannot use the internet, because it seems that firewall rules applies before CP rules.
The reason why I want to set strict rules is that if the CP service fails to start for some reason, without aditional firewall rule, internet access will be open for everyone, witch can be dangerous.
How can I create block rule in fw without blocking CP?