Add a jail that will serve dhcp for clients connecting to the open nat bridge.

ansible/environments/laptop/host_vars/odofreebsd

@@ -39,6 +39,10 @@ users:
 devfs_rules: "odo_devfs.rules"
 jail_zfs_dataset: zroot/freebsd/release/jails
 jail_zfs_dataset_mountpoint: /jail/main
+jail_list:
+  - name: nat_dhcp
+    conf:
+      src: nat_dhcp
 bhyve_dataset: zroot/freebsd/release/vm
 bhyve_list: []
 efi_dev: /dev/gpt/EFI

ansible/roles/devfs/files/odo_devfs.rules

@@ -11,3 +11,9 @@ add path pf unhide
 add path pflog unhide
 add path pfsynv unhide
 add path 'tun*' unhide
+
+[tajaildhcp=14]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide

ansible/roles/jail/files/jails/nat_dhcp.conf

@@ -0,0 +1,11 @@
+nat_dhcp {
+    path = "/jail/main/jails/nat_dhcp";
+    vnet;
+    vnet.interface += "host_link3";
+    devfs_ruleset = 14;
+    mount.devfs; # To expose tun device
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}