Are you referring to the ‘Block Internet Use’ section? If so, the destination is your problem. You’re telling it to block everything not destined for your WAN adapter’s subnet (that doesn’t mean internet) which is probably breaking routing and other services running on pfSense (DNS?). If the lab or student devices only need access to other devices on 192.168.10.0/24 then it should be ! LAN net. But double check your routes and also verify they don’t need access to OPT2 and CAPTIVEPORTAL first.