My recent post covers the basics of this:
Works! Limiting multiple LAN users, thru single external proxy
http://forum.pfsense.org/index.php/topic,60861.0.html
In general, to create different speed groups, you need to do some coordination of your network addresses, and you can't just use automatic address assignment by DHCP for the entire building LAN.
You'll probably want to inventory all the MAC addresses of the public machines so that they can be assigned addresses within the same common block, via DHCP MAC reservations. (You can also manually assign addresses directly to each machine without DHCP reservations, though this can be a maintenance hassle if the machines are wiped and reimaged occasionally.)
The collective address range is then restricted by the limiter. Anything outside the range would be permitted full speed.
A more thorough option is to group all the wired public machines into a single network switch or a VLAN, and then apply a subnet and automatic DHCP to that entire group through an optional interface on your pfSense router.
This requires lots of fiddly crawling around under tables, locating of ports on walls and who is what port number, and then moving cables around in closets to put all the wires into a common group on a single switch or to make a VLAN range of ports.
(You can also create a freeform VLAN for scattered ports across the switch without moving cables on the switches, but this is more management hassle later if there's a problem, IMO.)
This would allow the computers to all be limited without needing to do DHCP reservations, and also allow for an open public wifi service for patron laptops and mobile devices to join the subnet and be limited also.
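An added example, not part of the original post: a planning script for the reservation approach above, which maps an inventory of public-machine MACs into one common block and rejects a layout where the dynamic DHCP pool overlaps that block (a dynamic lease landing in it would be throttled, and a public machine landing outside it would run at full speed). The subnet, block, pool range, MAC addresses and function names are all assumptions made for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

def normalise_mac(raw):
    """Lower-case a MAC and accept '-' or ':' separators."""
    mac = raw.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

def plan_reservations(lan_cidr, limited_cidr, pool_start, pool_end, macs):
    """Return {mac: ip} with every address inside the limited block."""
    lan = ipaddress.ip_network(lan_cidr)
    block = ipaddress.ip_network(limited_cidr)
    if not block.subnet_of(lan):
        raise ValueError("limited block is not inside the LAN subnet")
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    # The dynamic pool and the limited block must not share any address.
    if lo <= block[-1] and hi >= block[0]:
        raise ValueError("dynamic DHCP pool overlaps the limited block")
    # A hand-typed inventory often lists one machine twice in different forms.
    unique = list(dict.fromkeys(normalise_mac(m) for m in macs))
    # Every address in the block is usable except the LAN's own
    # network and broadcast addresses.
    usable = [a for a in block
              if a not in (lan.network_address, lan.broadcast_address)]
    if len(unique) > len(usable):
        raise ValueError("more machines than addresses in the limited block")
    return {mac: str(ip) for mac, ip in zip(unique, usable)}

def is_limited(ip, limited_cidr):
    """True if a rule whose source is limited_cidr would match this address."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(limited_cidr)

# Constructed sample inventory (third entry repeats the first machine).
INVENTORY = ["00-1A-2B-3C-4D-01", "00:1a:2b:3c:4d:02", "00:1A:2B:3C:4D:01"]

if __name__ == "__main__":
    plan = plan_reservations("192.168.1.0/24", "192.168.1.64/27",
                             "192.168.1.100", "192.168.1.199", INVENTORY)
    for mac, ip in plan.items():
        print(mac, ip, "limited" if is_limited(ip, "192.168.1.64/27") else "full speed")
```
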