Chris Burrows contributed A duffers guide to setting up a portal to allow visitors limited access to the Internet.
Jonathan De Graeve has implemented a number of new RADIUS features for Captive Portal that will be implemented in a future beta version. For now, these features are available on test images available for download from http://inf.imelda.be/downloads/m0n0wall/.
Features currently implemented in the test images include:
RADIUS-defined URL redirection taking precedence over URL redirection parameter in captive portal setup page.
Multiple RADIUS server support
Failure message on captive portal login error page, plus logging to the captive portal log on why authentication failed (user account exceeded bandwidth limit, bad password, etc.).
Cisco-compatible feature (sending calling-station-id with clientip and called-station-id with clientmac instead of standard behavior calling-station-id and clientmac).
Timeout parameter and max authentication retries parameter
retrieval of user bandwidth settings
retrieval of user group
retrieval of session-timeout
Retrieval means the variable is present and CAN be used, but there is no action bound to it yet.
You can utilize Captive Portal and its MAC pass-through functionality for rudimentary MAC address restrictions.
Enable Captive Portal on the desired interface (e.g. LAN) at the Services -> Captive Portal screen. Create a HTML page of your liking that does not include the submit button so the user cannot authenticate with the captive portal. Other settings can all be left at their defaults.
Click the "Pass-through MAC" tab on the Captive Portal screen. Click the + to start adding permitted MAC addresses. In the MAC address box, type in the six hex octets separated by colons (e.g. ab:cd:ef:12:34:56), optionally (but recommended) enter a description, and click Save. Repeat for every authorized host on your network.