INADDRANY: When 1, jail is allowed to bind to INADDR_ANY. When packet
           comes in, the pchlookup checks the prison IPs.

ROUTING:   Jail gets access to its routing table. This presently implies
           that the jail gets its own private routing table via new
	   jail options.

DEVMEM:    Jail gets a real /dev/mem and /dev/kmem instead of a
           symlink to /dev/null. This pretty much bypasses security so
           its not something to do on widearea nodes, but on local
           nodes that fine.