the closest solution to this have already been suggested.
if you redirect only http+https traffic to the captive portal, and allow all other traffic, then you will get the result you need.
The backside of this is that you will basically have a completely open internet access for your guests with no firewall rules.
Then if you do not want this, you need to either remove allow-all and only allow spesific trafic, or allow all and block spesific traffic.