Regression #12954
Traffic routed through DUMMYNET by PF fails when IPFW is enabled
Status: Closed
Description
If you have Limiters configured and send traffic through them using pf firewall rules, that traffic can fail if it also runs through ipfw. That means whenever the captive portal is enabled on any interface.
Traffic using Limiters created by the captive portal is sent to dummynet by ipfw and passes correctly.
Not all traffic fails. For example, if you have Limiters defined on LAN and run an iperf test from a client on LAN to a server on WAN, a reverse test succeeds: the server is mostly sending traffic to the client, but the client must send some traffic the other way and that passes. If you run the test the other way it fails almost immediately. It appears to fail once the queue is full:

Limiters:
00001:  20.000 Mbit/s    0 ms burst 0
q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 1 active
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip           0.0.0.0/0             0.0.0.0/0  2247555 1375041930 50 27537  37
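As an added example that is not part of this report: a small Python parser for the `ipfw pipe show` output quoted above, with a check for the "queue full and dropping" state the report describes (queued packets equal to the queue's slot count, non-zero Drp). The sample input is the report's own counters, re-laid-out into the lines ipfw prints; the pipe/bucket field positions are assumed from that layout.

```python
import re

# Constructed sample: the counters quoted in this report, laid out as
# `ipfw pipe show` prints them (one pipe, one queue, one active bucket).
SAMPLE = """\
00001:  20.000 Mbit/s    0 ms burst 0
q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 1 active
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip           0.0.0.0/0             0.0.0.0/0  2247555 1375041930 50 27537  37
"""

PIPE_RE = re.compile(r"^(\d+):\s+([\d.]+)\s+(\S+)")          # "00001:  20.000 Mbit/s ..."
QUEUE_RE = re.compile(r"^q(\d+)\s+(\d+)\s+sl\.")               # "q131073  50 sl. ..."
BUCKET_RE = re.compile(                                         # "  0 ip src dst tot_pkt tot_bytes pkt byte drp"
    r"^\s*\d+\s+\S+\s+\S+\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_pipes(text):
    """Return one dict per pipe: number, rate, queue slot count and bucket counters."""
    pipes = []
    cur = None
    for line in text.splitlines():
        m = PIPE_RE.match(line)
        if m:
            cur = {"pipe": int(m.group(1)), "rate": f"{m.group(2)} {m.group(3)}",
                   "slots": None, "buckets": []}
            pipes.append(cur)
            continue
        if cur is None:
            continue
        m = QUEUE_RE.match(line)
        if m:
            cur["slots"] = int(m.group(2))      # queue length in packets ("50 sl.")
            continue
        m = BUCKET_RE.match(line)
        if m:
            tot_pkt, tot_bytes, q_pkt, q_bytes, drops = map(int, m.groups())
            cur["buckets"].append({"total_pkts": tot_pkt, "total_bytes": tot_bytes,
                                   "queued_pkts": q_pkt, "queued_bytes": q_bytes,
                                   "drops": drops})
    return pipes


def stuck_pipes(pipes):
    """Pipe numbers whose queue holds as many packets as it has slots and is dropping."""
    return [p["pipe"] for p in pipes if p["slots"] is not None and any(
        b["queued_pkts"] >= p["slots"] and b["drops"] > 0 for b in p["buckets"])]
```

On a live box the same functions can be fed the output of `ipfw pipe show` to spot a limiter that has wedged in the state this report describes.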
Once it has failed, no traffic can pass until the state has timed out. Other traffic still opens states in pf, but no packets reach it:
LAN2 icmp 172.22.22.10:6 -> 8.8.8.8:6 0:0 0 / 0 0 B / 0 B
Tested in 22.01-REL and 2.6-REL.
The patch that was applied to fix captive portal traffic not passing does not help here.