cloak { path = "/jail/${name}"; vnet; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24"; exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}"; vnet.interface += "jail${name}"; vnet.interface += "cloak"; devfs_ruleset = 13; mount.devfs; # To expose tun device exec.start += "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown jail"; exec.consolelog = "/var/log/jail_${name}_console.log"; }