Got some feedback on this from the pfsense devs (thanks Scott and Bill).
On captive portal, Scott says "the only problem was I didn't want to
dive into the C code to extract the last time a captive portal rule
time was hit, etc.".
It was basically a "we have better things to worry about right now"
kind of thing. Switching that to pf is planned for pfsense 1.1.
So that isn't a huge deal.
The shaping is a big deal. It's a combination of a GUI issue and
limitations in pf. You have to apply shaping to firewall rules, and
when you separate shaping and firewall rules into two screens, you now
have two screens with firewall rules that could conflict with each
other. It wouldn't be a big deal if you integrated firewall rules
with shaping, but that'd get confusing very quickly for most users.
Bill says the ideal solution would be the ability to use 'altq' on a
rule rather than 'pass' or 'block', etc. No idea if that's in the
Another issue has been that you can only apply it in one direction per
There are other issues, but that's the gist of it. In pfsense 1.0,
shaping between only two interfaces will be supported (LAN/WAN only,
or OPT/WAN only, etc.). The ability to add custom queues will be
eliminated due to issues it currently causes, due to the split between
the firewall and shaping GUI.
There are fixes to these things, but it's a lot of work, and Bill, who
has written most all of this, is in the process of moving. So for the
sake of finding an end somewhere and getting pfsense 1.0 out the door,
the shaping won't be as flexible as it could be, and eventually will
be, as of 1.0 release.
I'm probably missing some details; dig into the pfsense shaping code
if you're interested in all the details.