I have a vnet jail for my physical NIC. In order to start the pf service in that jail, I had to add a devfs.rule to unhide /dev/pf.
I also have wireguard jails for which I intend to do the same, and connect them to my NIC-jail (everything is vnet).
Does anyone know if this is a bad idea?
I'm creating a series of network gateway/tunnels with vnet and jails (FreeBSD 12.1p8). The topology looks something like this:
NICjail: Contains the physical NIC (igb0), bridge0, and epair members for connection to other tunnel jails (VPNs, Tor, I2P).
VPN1jail: Connects to NICjail via epair...
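As an added example (not part of the original post), here is the shape of a devfs ruleset that keeps the standard jail hiding rules and unhides only /dev/pf, together with a matching jail.conf entry for the NIC jail; the ruleset number (10), jail path and rc settings are assumptions, the interface name igb0 comes from the post.

```conf
# /etc/devfs.rules (assumed file; loaded with "service devfs restart")
# Start from the stock jail ruleset (hide everything, then unhide the basic
# and login devices) and add exactly one exception for pf, so the jail gets
# no other device nodes it did not have before.
[devfsrules_vnet_pf=10]
add include $devfsrules_jail
add path pf unhide

# /etc/jail.conf (assumed file) - entry for the jail that owns the physical NIC
NICjail {
    vnet;                         # own network stack, so pf inside is per-jail
    vnet.interface = "igb0";      # physical NIC moved into the jail's vnet
    mount.devfs;
    devfs_ruleset = 10;           # the ruleset defined above
    path = "/jails/NICjail";      # assumed jail root
    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}
```

Listing the jail's /dev after it starts is a quick check that only pf was added on top of the default jail device set.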