Add a jail that will serve dhcp for clients connecting to the open nat bridge.

ansible/roles/devfs/files/odo_devfs.rules

@@ -11,3 +11,9 @@ add path pf unhide
 add path pflog unhide
 add path pfsynv unhide
 add path 'tun*' unhide
+
+[tajaildhcp=14]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide

ansible/roles/jail/files/jails/nat_dhcp.conf

@@ -0,0 +1,11 @@
+nat_dhcp {
+    path = "/jail/main/jails/nat_dhcp";
+    vnet;
+    vnet.interface += "host_link3";
+    devfs_ruleset = 14;
+    mount.devfs; # To expose tun device
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}