I'm trying to put together a simple captive portal of sorts and would like to leverage pf to help if possible. Basically, if a certain pf rule is hit, I'd like to remove the "captiveness" that I currently have pf providing and allow the user to have fewer restrictions. I realize I can use authpf for this, but the ssh requirement is too high. I have currently been doing this with tables, max-src-conn and overload, but having to exceed max-src-conn to get an IP in the "not captive" table is not ideal. I could also have a process that monitors pflog and adds an IP to this table, but I find this not an ideal solution as well. I've reviewed the man page and noticed the little-talked-about once "one shot" rule option as well, but I don't see a way to apply this here. I even thought about trying to use dhcpd's -L for this, but it seems to be a non-starter for me too.
I hope I provided enough detail to explain what I'd like to do, and I'd appreciate any ideas. I realize I also might be trying to use pf as a universal hammer ;). Cheers.
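
A pf.conf sketch of the tables, max-src-conn and overload arrangement the post describes, added here as an illustration and not the poster's actual ruleset. The interface name, table name, port numbers and limit value are all assumptions, and the syntax is OpenBSD's (`rdr-to` inside `pass`).

```pf
# Illustrative only: every name, port and limit below is an assumption.
int_if = "em1"                      # assumed client-facing interface
table <not_captive> persist         # the "not captive" table from the post

# Default for the client side: nothing gets through unless a rule below allows it.
block in on $int_if all

# Released clients match here first; "quick" stops evaluation so the
# captive rules further down never apply to them.
pass in quick on $int_if from <not_captive>

# Captive clients: DNS to the gateway, and web traffic redirected to a
# local portal listener (assumed to be on 127.0.0.1:8080).
pass in on $int_if inet proto { tcp, udp } to ($int_if) port 53
pass in on $int_if inet proto tcp to any port 80 rdr-to 127.0.0.1 port 8080

# Release trigger as described in the post: a source that exceeds
# max-src-conn on this rule is added to <not_captive> by "overload".
# The limit counts simultaneous TCP connections that completed the
# handshake, so release depends on connection count, not on anything
# the portal itself verified.
pass in on $int_if inet proto tcp to ($int_if) port 8081 \
    flags S/SA keep state (max-src-conn 1, overload <not_captive>)
```

`pfctl -t not_captive -T show` lists the addresses currently released, and `pfctl -t not_captive -T delete <address>` returns one to the captive state.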