What to put in devfs for a typical jail

Paul Hoffman phoffman at proper.com
Sun Jul 29 19:21:09 UTC 2007


Greetings. I want to set up a jail for a web server. It only needs to 
access the things a normal system would (its own disk space, the 
network controller, the keyboard, and so on). I need to be SSHing 
into the jailed system to control it.

The manpage for jail says:
      NOTE: It is important that only appropriate device nodes in devfs be
      exposed to a jail; access to disk devices in the jail may permit pro-
      cesses in the jail to bypass the jail sandboxing by modifying files out-
      side of the jail.  See devfs(8) for information on how to use devfs rules
      to limit access to entries in the per-jail devfs.


What should I do for /etc/devfs.rules on the host? What should I be excluding?
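
As an added example (not part of the original post): a small sh check that a ruleset in a devfs.rules file starts by hiding everything and never unhides a disk node, which is the risk the jail(8) note above describes. The ruleset names and numbers in the sample are constructed; `$devfsrules_hide_all`, `$devfsrules_unhide_basic` and `$devfsrules_unhide_login` are rulesets shipped in /etc/defaults/devfs.rules; the disk prefixes ad, da and md are an assumed, non-exhaustive list.

```shell
#!/bin/sh
# Added example: audit one ruleset in a devfs.rules file for a jail.
# Assumption: ad, da and md are the disk-like prefixes to flag (not exhaustive).

# Print the "add ..." rules of ruleset $2 from file $1.
ruleset_lines() {
    awk -v name="$2" '
        /^\[/ { in_set = ($0 ~ ("^\\[" name "=[0-9]+\\]")); next }
        in_set && /^add/ { print }
    ' "$1"
}

# Return 0 = ok, 1 = not default-deny, 2 = unhides a disk node, 3 = not found.
# Included rulesets are not followed; only the named ruleset is inspected.
audit_ruleset() {
    rules=$(ruleset_lines "$1" "$2")
    [ -n "$rules" ] || { echo "$2: ruleset not found"; return 3; }
    first=$(printf '%s\n' "$rules" | head -n 1)
    case "$first" in
        "add hide"|'add include $devfsrules_hide_all') ;;
        *) echo "$2: does not start by hiding everything"; return 1 ;;
    esac
    if printf '%s\n' "$rules" | grep unhide |
            grep -Eq "path '?(ad|da|md)[0-9*]"; then
        echo "$2: unhides a disk device"; return 2
    fi
    echo "$2: ok"
}

# Constructed sample rulesets (names and numbers are made up for this example).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[devfsrules_jail_web=10]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

[devfsrules_jail_open=11]
add include $devfsrules_unhide_basic
add path 'ad*' unhide

[devfsrules_jail_disk=12]
add hide
add path 'da0*' unhide
EOF

for rs in devfsrules_jail_web devfsrules_jail_open devfsrules_jail_disk; do
    audit_ruleset "$SAMPLE" "$rs" || true
done
```

Only the first constructed ruleset passes: it hides everything first and then includes the basic and login sets, with no disk nodes exposed to the jail.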

