devfs.rules: unhide pf in vnet jails

/dev/pf is usable in vnet jails, so don't hide the node there.

We shouldn't expose /dev/pf in regular jails, as that gives them control over
the host (or parent vnet jail) firewall.

Reviewed by:	bz
Differential Revision:	https://reviews.freebsd.org/D26537

sbin/devfs/devfs.rules

@@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path fuse unhide
 add path zfs unhide
+
+[devfsrules_jail_vnet=5]
+add include $devfsrules_jail
+add path pf unhide