cloak { path = "/jail/${name}"; vnet; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24"; # Create a dummy interface that is never used, just to create the cloak bridge that is used by children. exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak dummy${name} 192.168.1.0/24"; exec.poststop += "sleep 10; /usr/local/bin/jail_netgraph_bridge stop cloak dummy{name}"; exec.poststop += "sleep 10; /usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}"; vnet.interface += "jail${name}"; vnet.interface += "cloak"; devfs_ruleset = 13; mount.devfs; # To expose tun device mount.fstab = "/etc/fstab.${name}"; exec.start += "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown jail"; exec.consolelog = "/var/log/jail_${name}_console.log"; }