Many typo fixes and some rewording (#80)

LICENSE

@@ -38,8 +38,8 @@ Some pictures are licensed under the Creative Commons Zero (CC0) license:
 
 https://creativecommons.org/publicdomain/zero/1.0/
 
-# Logo's
+# Logos
-Logo's may be subject to additional copyrights, property
+Logos may be subject to additional copyrights, property
 rights, trademarks etc. and may require the consent of a third party or the
 license of these rights. Deciso B.V. does not represent or make any warranties
 that it owns or licenses any of the mentioned, nor does it grant them.

README.md

@@ -22,7 +22,7 @@ Some pictures are licensed under the Creative Commons Zero (CC0) license:
 
 https://creativecommons.org/publicdomain/zero/1.0/
 
-Logo's may be subject to additional copyrights, property 
+Logos may be subject to additional copyrights, property 
 rights, trademarks etc. and may require the consent of a third party or the
 license of these rights. Deciso B.V. does not represent or make any warranties
 that it owns or licenses any of the mentioned, nor does it grant them.

source/develop.rst

@@ -7,7 +7,7 @@ Development Manual
 The OPNsense® project invites developers to start developing with OPNsense:
 "For your own purpose or even better to join us in creating the best FreeBSD
 based open source firewall available!" The development workflow & build process
-has been redesigned to make it more straightforward and easy for developers to
+have been redesigned to make it more straightforward and easy for developers to
 build OPNsense.
 
 Being able to get the sources and build it yourself is one of the key factors of

source/development/architecture.rst

@@ -81,7 +81,7 @@ first layer initializes Phalcon’s routing, which handles requests and
 delivers them to the controller based on its url. User content is
 generated using Volt templates, which are picked by the controller.
 Because Phalcon’s default Models function with (relational) databases
-and we are using xml data, our model implementation is custom. But
+and we are using XML data, our model implementation is custom. But
 wherever possible we use components from Phalcon (for example,
 validation is handled using Phalcon’s classes). For a detailed
 description on the routing principles used in OPNsense, visit Frontend
@@ -98,7 +98,7 @@ controllers, with the use of views, can be found at :doc:`/development/frontend/
 Models
 ------
 
-All models are defined by a combination of a class and an xml containing
+All models are defined by a combination of a class and an XML containing
 a (nested) definition. More information on defining models can be found
 at the frontend model page :doc:`/development/frontend/models`.
 

source/development/components/acl.rst

@@ -45,7 +45,7 @@ Using the system from php is rather simple:
 Usage in Volt templates
 -----------------------
 
-The acl scheme is bound to the default UI controller, and can be used by
+The ACL scheme is bound to the default UI controller, and can be used by
 using the acl keyword:
 
 .. code-block:: jinja

source/development/components/menusystem.rst

@@ -37,8 +37,8 @@ An example of how to create a menu, is given below:
     // test, print menu as structured named array
     print_r($menu->getItems("/testpage.php"));
 
-The current version only implements a static menu defined by one xml file
+The current version only implements a static menu defined by one XML file
-(models/OPNsense/Base/Menu/Menu.xml), but extending with additional xml files
+(models/OPNsense/Base/Menu/Menu.xml), but extending with additional XML files
 is already supported in the component for future use.
 
 --------

source/development/examples/helloworld.rst

@@ -120,7 +120,7 @@ Not all modules contain additional code in the php class, sometimes all
 the standard behaviour is already sufficient for your
 modules/application.
 
-Which is the model xml template, our skeleton starts with something like
+Which is the model XML template, our skeleton starts with something like
 this:
 
 .. code-block:: xml
@@ -266,9 +266,9 @@ Adding Fields
 .. rubric:: Adding fields to your model
    :name: adding-fields-to-your-model
 
-When building the skeleton, we have created an empty model (xml), which
+When building the skeleton, we have created an empty model (XML), which
 we are going to fill with some attributes now. The items section of the
-model xml should contain the structure you want to use for your
+model XML should contain the structure you want to use for your
 application, you can create trees to hold data in here. All leaves
 should contain a field type to identify and validate it’s content. The
 list of attributes for our application can be translated to this:
@@ -310,12 +310,12 @@ Enabled).
 Presentation XML
 ----------------
 
-.. rubric:: Create a presentation xml to feed your template
+.. rubric:: Create a presentation XML to feed your template
    :name: create-a-presentation-xml-to-feed-your-template
 
 Because creating forms is one of the key assets of the system, we have
 build some easy to use wrappers to guide you through the process. First
-we create an xml file for the presentation, which defines fields to use
+we create an XML file for the presentation, which defines fields to use
 and adds some information for your template to render. Create a file in
 your controller directory using the sub directory forms and name it
 general.xml. Next copy in the following content:
@@ -392,7 +392,7 @@ Create API calls
    :name: create-api-calls-to-retrieve-and-store-data
 
 The framework provides some helpful utilities to get and set data from
-and to the configuration xml by using your defined model. First step in
+and to the configuration XML by using your defined model. First step in
 binding your model to the system is to add a method to the
 SettingsController to fetch the data from our configuration (or provide
 the defaults if there is no content).
@@ -530,7 +530,7 @@ Let’s give it a try and save our data, without modifying it first.
 
 Next correct the errors and save again, on successful save the data
 should be stored in the config.xml. If you want to change validation
-messages, just edit the model xml and add your message in the
+messages, just edit the model XML and add your message in the
 ValidationMessage tag. For example:
 
 .. code-block:: xml
@@ -848,15 +848,15 @@ automatically picks up this new information.
 Plugin to access control (ACL)
 ------------------------------
 
-If we want to authorize users to access this module, we can add an acl
+If we want to authorize users to access this module, we can add an ACL
 to this module. Without it, only admin users can access it. Create an
-xml file in the model directory name ACL/ACL.xml and place the following
+XML file in the model directory name ACL/ACL.xml and place the following
 content in it:
 
 .. code-block:: xml
 
     <acl>
-        <!-- unique acl key, must be globally unique for all acl's  -->
+        <!-- unique acl key, must be globally unique for all ACLs  -->
         <page-user-helloworld>
             <name>WebCfg - Users: Hello World! </name>
             <description>Allow access to the Hello World! module</description>
@@ -867,7 +867,7 @@ content in it:
         </page-user-helloworld>
     </acl>
 
-This creates an acl key named “page-user-helloworld” which authorizes
+This creates an ACL key named “page-user-helloworld” which authorizes
 access to both the ui and API urls of this application. You can now
 grant access to this module from the system user manager.
 

source/development/frontend/models.rst

@@ -4,7 +4,7 @@ Creating Models
 
 A model represents the data which the application will use and takes
 care of the interaction to that data. In OPNsense most of the relevant
-data is physically stored in an xml structure (config.xml). The primary
+data is physically stored in an XML structure (config.xml). The primary
 goal for OPNsense models is to structure the use of configuration data,
 by creating a clear abstraction layer.
 
@@ -44,7 +44,7 @@ When you design a model, the next thing to do is to figure out what data is
 relevant for your application or module and think of the rules it should comply
 to (for example, if you need an email address you might want to validate the
 input). Designing the actual model is as simple as creating an xml file and
-putting in your structure, the name of our xml file should be the same as the
+putting in your structure, the name of our XML file should be the same as the
 base name of our model suffixed by .xml.
 
 Using the same model, we would create the following file:
@@ -91,7 +91,7 @@ Now let's explain what's happing here one tag at a time.
 The content of a items tag describes the full tree based structure which holds
 our data, in theory this could be as large as you want it to be, but keep in
 mind that the content for your model should be logical and understandable. Every
-node in the tree could have a type, which defines it's behavior, nodes without a
+node in the tree could have a type, which defines its behavior, nodes without a
 type are just containers.
 
 From top to bottom we find the following nodes in our tree:

source/development/guidelines/basics.rst

@@ -78,7 +78,7 @@ implementation is one example of this stage.
 
 **3)** Moving on
 (re)build new parts, using our new modules, which provide a layered development
-system to automatically support API calls from other systems and xml based model
+system to automatically support API calls from other systems and XML based model
 templates to describe configuration data.
 
 *See also:*

source/development/how-tos/api.rst

@@ -41,7 +41,7 @@ Code sample (python)
 --------------------
 
 For the python code sample we use the nice "requests" library
-(http://docs.python-requests.org/en/latest/), which makes http calls
+(http://docs.python-requests.org/en/latest/), which makes HTTP calls
 very easy.
 
 Before you can start, make sure your OPNsense has a valid SSL
@@ -102,7 +102,7 @@ Using curl
 ----------
 
 Simple testing with curl is also possible, the sample below uses the
-same credentials, but ignores the ssl certificate check (-k) for
+same credentials, but ignores the SSL certificate check (-k) for
 testing.
 
 .. code-block:: sh

source/intro.rst

@@ -102,4 +102,4 @@ OPNsense Core Features
 - Stateful inspection firewall
 - Granular control over state table
 - 802.1Q VLAN support
-- and more..
+- and more…

source/legal.rst

@@ -108,9 +108,9 @@ Some pictures are licensed under the Creative Commons Zero (CC0) license:
 https://creativecommons.org/publicdomain/zero/1.0/
 
 -----------------
-Logo's Copyright
+Logos Copyright
 -----------------
-Logo's may be subject to additional copyrights, property
+Logos may be subject to additional copyrights, property
 rights, trademarks etc. and may require the consent of a third party or the
 license of these rights. Deciso B.V. does not represent or make any warranties
 that it owns or licenses any of the mentioned, nor does it grant them.

source/manual/aliases.rst

@@ -20,7 +20,7 @@ OPNsense offers the following alias types:
 +------------+------------------------------------------------------+
 | Ports      | Port numbers or a port range like 20:30              |
 +------------+------------------------------------------------------+
-| URL Tables | A table of ip addresses that can be fetched          |
+| URL Tables | A table of IP addresses that can be fetched          |
 +------------+------------------------------------------------------+
 | GeoIP      | Select countries or whole regions                    |
 +------------+------------------------------------------------------+
@@ -44,7 +44,7 @@ Go to **Firewall->Diagnostics->pfTables** and select our newly created youtube t
 .. image:: images/pftable_youtube.png
     :width: 100%
 
-As you can see there are multiple ip addresses for this domain.
+As you can see there are multiple IP addresses for this domain.
 
 --------
 Networks
@@ -64,7 +64,7 @@ section.
 ----------
 URL Tables
 ----------
-URL tables can be used to fetch a list of ip addresses from a remote server.
+URL tables can be used to fetch a list of IP addresses from a remote server.
 There are several IP lists available for free, most notably are the "Don't Route
 Or Peer" lists from Spamhaus.
 
@@ -152,7 +152,7 @@ Then concatenate both by defining a new list:
 
 * servers { critical_servers , other_servers}.
 
-The end result will be a list with all ip addresses in one alias list (servers).
+The end result will be a list with all IP addresses in one alias list (servers).
 
 ------------------------------
 Configure DROP and EDROP lists

source/manual/antivirus.rst

@@ -5,7 +5,7 @@
 .. image:: images/eye_on_virus_new.jpg
     :width: 100%
 
-**OPNsense** offers the industry standard ICAP to protect http and https
+**OPNsense** offers the industry standard ICAP to protect HTTP and HTTPS
 connections against ransomware, trojans, viruses and other malware .
 
 OPNsense offers a ClamAV plugin, which can be used with the C-ICAP plugin or relies on third

source/manual/captiveportal.rst

@@ -70,7 +70,7 @@ Bandwidth Management
 The Built-in traffic shaper can be utilized to:
 
 * Share bandwidth evenly
-* Give priority to protocols port numbers and/or ip addresses
+* Give priority to protocols port numbers and/or IP addresses
 
 See also: :doc:`/manual/shaping`
 

source/manual/how-tos/SkyUK.rst

@@ -5,7 +5,7 @@ Setup for Sky UK ISP
 
 **Introduction**
 -----------------
-This doc covers the setup of Opnsense on a Sky UK VDSL connection.
+This doc covers the setup of OPNsense on a Sky UK VDSL connection.
 
 Sky uses a simple IPoE connection, all that is required is a suitable modem
 in bridge mode. If using a standard OpenReach modem then no setting is required
@@ -67,7 +67,7 @@ requirement for Sky .
 
 The only other requirement in this section is to select ‘Prevent Release'.
 This is there as the Sky DHCPv6 servers use a 'sticky' address. If the
-Opnsense dhcp6 client sends a release signal to the server it's more than
+OPNsense dhcp6 client sends a release signal to the server it's more than
 likely that the allocated prefix will change, thus this setting, along with
 the 'DHCP Unique Identifier' setting will attempt to mitigate this risk.
 
@@ -76,7 +76,7 @@ Once these settings have been entered, click on 'Save' then 'Apply'.
 **DHCP Unique Identifier**
 --------------------------
 
-Although Opnsense stores the IPv6 DUID it is possible this can be lost, this
+Although OPNsense stores the IPv6 DUID it is possible this can be lost, this
 again would probably result in a new prefix being given, therefore an option
 to enter and store a DUID is given in the Interface:Settings menu.
 

source/manual/how-tos/cachingproxy.rst

@@ -82,7 +82,7 @@ interfaces in the **FTP proxy interfaces** field and **Apply**.
 -------------------
 Access Control List
 -------------------
-You can setup ACL's by clicking on the arrow next to **Forward Proxy**  and select
+You can setup ACLs by clicking on the arrow next to **Forward Proxy**  and select
 **Access Control List**. Here you can:
 
 * Setup Allowed Subnets (By default the proxy interfaces will be allowed)
@@ -156,7 +156,7 @@ LAN interface (if LAN is where your clients and proxy are on).
  **Source**                   LAN net
  **Destination Port Range**   HTTP
  **Category**                 Block Proxy Bypass
- **Description**              Block http bypass
+ **Description**              Block HTTP bypass
 ============================ =====================
 
 **Save**
@@ -170,7 +170,7 @@ And one more rule to block HTTPS access:
  **Source**                   LAN net
  **Destination Port Range**   HTTPS
  **Category**                 Block Proxy Bypass
- **Description**              Block https bypass
+ **Description**              Block HTTPS bypass
 ============================ =====================
 
 **Save** & **Apply changes**

source/manual/how-tos/carp.rst

@@ -18,12 +18,12 @@ route our traffic to the internet.
   :width: 100%
 
 When using CARP ( `FreeBSD handbook on CARP <https://www.freebsd.org/doc/handbook/carp.html>`__ ), all
-fail-safe interfaces should have a dedicated ip address which will be
+fail-safe interfaces should have a dedicated IP address which will be
-combined with one shared virtual ip address to communicate to both
+combined with one shared virtual IP address to communicate to both
 networks. In the picture above the dashed lines are used to mark the
 virtual addresses.
 
-The configuration file (xml) for both firewalls can be downloaded from
+The configuration file (XML) for both firewalls can be downloaded from
 the wiki.
 
 -----------
@@ -37,7 +37,7 @@ we will explain briefly first:
     :name: carp
 
 Common Address Redundancy Protocol uses IP protocol 112, is derived from
-OpenBSD and uses multicast packets to signal it's neighbours about it's
+OpenBSD and uses multicast packets to signal its neighbours about its
 status. Always make sure that each interface can receive carp packets.
 Every virtual interface must have a unique Virtual Host ID (vhid), which
 is shared across the physical machines. To determine which physical
@@ -100,7 +100,7 @@ pfSync protocol.
 .. rubric:: Backup
     :name: backup
 
-The backup server needs it's own dedicated addresses, we will use these:
+The backup server needs its own dedicated addresses, we will use these:
 
 +----------+-------------------+
 | LAN      | 192.168.1.20/24   |
@@ -180,7 +180,7 @@ consider. All clients should use the virtual address in stead of the
 physical address it's normally propagating. Next thing to consider is
 there will be two servers active at the same time, which should know of
 each others pools. If dns requests are also forwarded by OPNsense, make
-sure the dhcp server sends the right ip address. These are settings used
+sure the dhcp server sends the right IP address. These are settings used
 in our example (on the master server):
 
 +--------------------+----------------+
@@ -197,7 +197,7 @@ Setup HA sync (xmlrpc) and pfSync
 
 First we should enable pfSync using our dedicated interface using the
 master firewall. Go to System -> High Availability, enable pfsync and
-select the interface used for pfSync. Next setup the peer ip to the
+select the interface used for pfSync. Next setup the peer IP to the
 other hosts address (10.0.0.2).
 
 Now we need to configure the settings we want to duplicating to the

source/manual/how-tos/edrop.rst

@@ -130,7 +130,7 @@ lower right corner.
 ---------------
 Check pf Tables
 ---------------
-To list the ip addresses that are currently in the DROP and EDROP lists go to
+To list the IP addresses that are currently in the DROP and EDROP lists go to
 **Firewall->Diagnostics->pfTables** and select the list you want to see:
 
 .. image:: images/spamhaus_pftable.png

source/manual/how-tos/insight.rst

@@ -83,8 +83,8 @@ Clicking on a piece of the pie will open a detailed view for further analysis.
 IP Addresses Pie Chart
 ----------------------
 The IP addresses pie chart works the same as the ports pie chart and shows the
-percentage per ip number. One can change the view by clicking or double clicking
+percentage per IP number. One can change the view by clicking or double clicking
-on one of the shown ip numbers.
+on one of the shown IP numbers.
 
 Clicking on a piece of the pie will open a detailed view for further analysis.
 
@@ -106,7 +106,7 @@ When opening the details view by clicking on the tab one can make a new query.
    :width: 100%
 
 After selecting a valid date range (form/to) and interface one can further limit
-the output by filtering on port or ip address. Select the refresh icon to update
+the output by filtering on port or IP address. Select the refresh icon to update
 the detailed output. Leave Port and Address empty for a full detailed listing.
 
 .. image:: images/insight_full_details.png

source/manual/how-tos/installaws.rst

@@ -29,7 +29,7 @@ Choose an instance type
 ---------------------------------
 Step 3 - Configure security group
 ---------------------------------
-To configure security group, make sure you allow https access from your own network.
+To configure security group, make sure you allow HTTPS access from your own network.
 
 .. image:: images/aws_configure_security_group.png
     :width: 100%

source/manual/how-tos/ipsec-road.rst

@@ -16,7 +16,7 @@ OPNsense and give you configuration examples for:
 
 .. Note::
 
-   For the sample we will use a private ip for our WAN connection.
+   For the sample we will use a private IP for our WAN connection.
    This requires us to disable the default block rule on wan to allow private traffic.
    To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
    *(Dont forget to save and apply)*

source/manual/how-tos/ipsec-s2s.rst

@@ -16,7 +16,7 @@ connection (you local network need to different than that of the remote network)
 
 .. Note::
 
-   For the sample we will use a private ip for our WAN connection.
+   For the sample we will use a private IP for our WAN connection.
    This requires us to disable the default block rule on wan to allow private traffic.
    To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
    *(Dont forget to save and apply)*
@@ -170,11 +170,11 @@ Full Network Diagram Including IPsec Tunnel
 
     }
 
-------------------------------
+---------------------------------------
-Firewall Rules Site A & Site B
+Firewall Rules Site A & Site B (part 1)
-------------------------------
+---------------------------------------
 To allow IPsec Tunnel Connections, the following should be allowed on WAN for on
-sites:
+sites (under **Firewall->Rules->WAN**):
 
 * Protocol ESP
 * UDP Traffic on Port 500 (ISAKMP)
@@ -185,13 +185,7 @@ sites:
 
 .. Note::
 
-    You can further limit the traffic by the source ip of the remote host.
+    You can further limit the traffic by the source IP of the remote host.
-
-To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
-interface.
-
-.. image:: images/ipsec_ipsec_lan_rule.png
-    :width: 100%
 
 -----------------------
 Step 1 - Phase 1 Site A
@@ -206,7 +200,7 @@ General information
 **Key Exchange version**   V2
 **Internet Protocol**      IPv4
 **Interface**              WAN           *choose the interface connected to the internet*
-**Remote gateway**         172.10.2.1    *the public ip address of your remote OPNsense*
+**Remote gateway**         172.10.2.1    *the public IP address of your remote OPNsense*
 **Description**            Site B        *freely chosen description*
 ========================= ============= ================================================
 
@@ -320,7 +314,8 @@ And Apply changes:
 .. image:: images/ipsec_s2s_vpn_p1a_success.png
     :width: 100%
 
-**You are done configuring Site A.**
+**You are almost done configuring Site A (only some firewall settings remain, which we'll address later).**
+**We will now proceed setting up Site B**
 
 -----------------------------
 
@@ -337,7 +332,7 @@ General information
 **Key Exchange version**   V2
 **Internet Protocol**      IPv4
 **Interface**              WAN           *choose the interface connected to the internet*
-**Remote gateway**         172.10.1.1    *the public ip address of your remote OPNsense*
+**Remote gateway**         172.10.1.1    *the public IP address of your remote OPNsense*
 **Description**            Site A        *freely chosen description*
 ========================= ============= ================================================
 
@@ -455,8 +450,15 @@ And Apply changes:
 .. image:: images/ipsec_s2s_vpn_p1a_success.png
     :width: 100%
 
-**You are done configuring Site B.**
+---------------------------------------
+Firewall Rules Site A & Site B (part 2)
+---------------------------------------
 
+To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
+interface (under **Firewall->Rules->IPsec**).
+
+.. image:: images/ipsec_ipsec_lan_rule.png
+    :width: 100%
 
 ------------------
 IPsec Tunnel Ready
@@ -511,7 +513,7 @@ Phase 1 works but no phase 2 tunnels are connected
 ---------------------------------------------------
 
 Did you set the correct local and remote networks. A common mistake is to fill in
-the ip address of the remote host in stead of its network ending with **x.x.x.0**
+the IP address of the remote host in stead of its network ending with **x.x.x.0**
 
 Common issues are unequal settings. Both ends must use the same encryption standard.
 

source/manual/how-tos/multiwan.rst

@@ -1,7 +1,7 @@
 ===============
 Setup Multi WAN
 ===============
-Multi WAN scenario's are commonly used for failover or load balancing, but combinations
+Multi WAN scenarios are commonly used for failover or load balancing, but combinations
 are also possible with OPNsense.
 
 .. blockdiag::
@@ -47,10 +47,10 @@ We defined WAN and WAN2, where WAN will be our primary (default) gateway.
 
 Step 1 - Add monitor IPs
 -------------------------
-You may skip this step if you already have setup the monitoring ip and both gateways
+You may skip this step if you already have setup the monitoring IP and both gateways
 are shown as online.
 
-To add a monitoring ip go to **System->Gateways->All** and click on the first pencil
+To add a monitoring IP go to **System->Gateways->All** and click on the first pencil
 symbol to edit the first gateway.
 
 Now make sure the following is configured:
@@ -208,4 +208,4 @@ Combining Balancing & Failover
 ------------------------------
 To combine Load Balancing with Failover you will have 2 or more WAN connections
 for Balancing purposes and 1 or more for Failover. OPNsense offers 5 tiers
-(Failover groups) each tier can hold multiple ISP's/WAN gateways.
+(Failover groups) each tier can hold multiple ISPs/WAN gateways.

source/manual/how-tos/netflow_exporter.rst

@@ -18,5 +18,5 @@ For local analysis using Insight also enable **Capture local**.
 Depending on the application you would like to use select **Version** 5 or 9.
 Remember that version 5 does not support IPv6.
 
-Add your **Destinations** (ip:port then enter) local ip will be added automatic
+Add your **Destinations** (ip:port then enter) local IP will be added automatic
 if Capture local is selected.

source/manual/how-tos/proxyicapantivirus.rst

@@ -1,7 +1,7 @@
 ===========================
 Setup Anti Virus Protection
 ===========================
-OPNsense can offer http and https protection by utilizing its highly flexible
+OPNsense can offer HTTP and HTTPS protection by utilizing its highly flexible
 proxy and the industry standard ICAP. An external engine from one of the known
 vendors is used to offer maximum protection against malware, such as ransomware,
 trojans and viruses. This protection can be further enhanced by the built-in Intrusion
@@ -42,11 +42,11 @@ Step 4 - Connect the Engine
 ---------------------------
 Now connect the server that the engine is installed on to OPNsense trough either
 a switch or a direct cable connection. Preferable use a separate network for this
-traffic to make sure the unencrypted ICAP traffic can's be tapped.
+traffic to make sure the unencrypted ICAP traffic can't be tapped.
 
 .. Note::
   ICAP traffic is not encrypted, meaning you have to make sure the traffic is not
-  visible to anyone else. When using transparent https mode it is best to configure
+  visible to anyone else. When using transparent HTTPS mode it is best to configure
   a separate interface for ICAP traffic and connect the Server (Engine) directly
   with a crosslink cable. Alternatively one may use a VLAN for this purpose.
 
@@ -70,8 +70,8 @@ Step 6 - Test using EICAR
 To test if the engine is operational and functional go to http://www.eicar.org/85-0-Download.html
 on this page you will find several files you can test.
 
-First test the http protocol version and if that works the https version if you
+First test the HTTP protocol version. If that works, test the HTTP version if you
-have also configured the transparent ssl proxy mode.
+have also configured the transparent SSL proxy mode.
 
 .. Warning::
     **IMPORTANT NOTE** :

source/manual/how-tos/proxyicapantivirusinternal.rst

@@ -1,7 +1,7 @@
 ==================================================
 Setup Anti Virus Protection using OPNsense Plugins
 ==================================================
-OPNsense can offer http and https protection by utilizing its highly flexible
+OPNsense can offer HTTP and HTTPS protection by utilizing its highly flexible
 proxy and the industry standard ICAP. An external engine from one of the known
 vendors is used to offer maximum protection against malware, such as ransomware,
 trojans and viruses. This protection can be further enhanced by the built-in Intrusion
@@ -62,8 +62,8 @@ Step 5 - Test using EICAR
 To test if the engine is operational and functional go to http://www.eicar.org/85-0-Download.html
 on this page you will find several files you can test.
 
-First test the http protocol version and if that works the https version if you
+First test the HTTP protocol version. If that works, test the HTTPS version if you
-have also configured the transparent ssl proxy mode.
+have also configured the transparent SSL proxy mode.
 
 .. Warning::
     **IMPORTANT NOTE** :

source/manual/how-tos/proxytransparent.rst

@@ -7,14 +7,14 @@ can be configured to run in transparent mode, this mean the clients browser does
 not have to be configured for the web proxy, but all traffic is diverted to the
 proxy automatically by utilizing Network Address Translation.
 
-In this How To, we will explain the basic http as well as https (ssl bump) transparent
+In this How To, we will explain the basic HTTP as well as HTTPS (SSL bump) transparent
 proxy modes.
 
 .. Warning::
     The Transparent SSL/HTTPS proxy mode uses a technique also called man-in-the-middle,
-    only configure and use this if your know what you are doing. When configured wrong
+    only configure and use this if you know what you are doing. When configured incorrectly
-    you may end up in lessing your security defenses significantly instead of enhancing
+    you may end up in lessening your security defenses significantly instead of enhancing
-    them. Using a transparent https proxy can be a dangerous practice and may not be
+    them. Using a transparent HTTPS proxy can be a dangerous practice and may not be
     allowed by the services you use, for instance e-banking.
 
 Step 1 - Basic Proxy Setup
@@ -33,7 +33,7 @@ And Click **Apply**.
 
 Step 3 - NAT/Firewall Rule
 ---------------------------------
-A simple way to add the NAT/Firewall Rule is to click on the **(i)** icon on the
+A simple way to add the NAT/Firewall Rule is to click the **(i)** icon on the
 left of the **Enable Transparent HTTP proxy** option and click on **add a new firewall rule**.
 
 .. image:: images/screenshot_enable_transparent_http.png

source/manual/how-tos/proxywebfilter.rst

@@ -61,8 +61,8 @@ Press **Save Changes**.
 --------------------------------
 Step 3 - Download the Categories
 --------------------------------
-Now press Download ACL's, please note that this will take a while (can be several
+Now press Download ACLs, please note that this will take a while (can be several
-minutes) as the full list (>19 MB) will be converted to squid acl's.
+minutes) as the full list (>19 MB) will be converted to squid ACLs.
 
 -------------------------
 Step 4 - Setup Categories
@@ -108,7 +108,7 @@ LAN interface (if LAN is where your clients and proxy are on).
  **Source**                   LAN net
  **Destination Port Range**   HTTP
  **Category**                 Block Proxy Bypass
- **Description**              Block http bypass
+ **Description**              Block HTTP bypass
 ============================ =====================
 
 **Save**
@@ -122,7 +122,7 @@ And one more rule to block HTTPS access:
  **Source**                   LAN net
  **Destination Port Range**   HTTPS
  **Category**                 Block Proxy Bypass
- **Description**              Block https bypass
+ **Description**              Block HTTPS bypass
 ============================ =====================
 
 **Save** & **Apply changes**

source/manual/how-tos/resources/config-OPNsense-ipsec-Site-B.xml

@@ -144,7 +144,7 @@
       <value>default</value>
     </item>
     <item>
-      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <descr>Randomize PIDs (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
       <tunable>kern.randompid</tunable>
       <value>default</value>
     </item>

source/manual/how-tos/shaper.rst

@@ -2,7 +2,7 @@
 Setup Traffic Shaping
 =====================
 
-For this how-to we will look into these scenario's:
+For this how-to we will look into these scenarios:
 
 #. Reserve dedicated bandwidth for a realtime traffic such as (hosted) Voice Over IP (VOIP) server.
 #. Share internet bandwidth amongst users evenly
@@ -112,10 +112,10 @@ Create a rule for traffic directed towards the VOIP Server (Upload).
 ====================== ================= =====================================================
  **sequence**            11               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
- **proto**               ip               *Select the protocol, ip in our example*
+ **proto**               ip               *Select the protocol, IP in our example*
- **source**              any              *The source ip to shape, leave on any*
+ **source**              any              *The source IP to shape, leave on any*
  **src-port**            any              *The source port to shape, leave on any*
- **destination**        172.10.2.1        *The ip address of our VOIP server*
+ **destination**        172.10.2.1        *The IP address of our VOIP server*
  **dst-port**            any              *Use any of the destination port if static*
  **target**             PipeUP-256kbps    *Select the Upload 256 kbps Pipe*
  **description**        ShapeVOIPUpload   *Enter a descriptive name*
@@ -127,10 +127,10 @@ Create a rule for traffic coming from the VOIP Server (Download).
 ====================== ================= =====================================================
  **sequence**            21               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
- **proto**               ip               *Select the protocol, ip in our example*
+ **proto**               ip               *Select the protocol, IP in our example*
- **source**              172.10.2.1       *The ip address of our VOIP server*
+ **source**              172.10.2.1       *The IP address of our VOIP server*
  **src-port**            any              *The source port to shape, leave on any*
- **destination**         any              *The destination ip to shape, leave on any*
+ **destination**         any              *The destination IP to shape, leave on any*
  **dst-port**            any              *The destination port to shape, leave on any*
  **target**             PipeDown256kbps   *Select the Download 256 kbps Pipe*
  **description**        ShapeVOIPDown     *Enter a descriptive name*
@@ -141,7 +141,7 @@ Create a rule for all other internet upload traffic
 ====================== ================= =====================================================
  **sequence**            31               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
- **proto**               ip               *Select the protocol, ip in our example*
+ **proto**               ip               *Select the protocol, IP in our example*
  **source**              192.168.1.0/24   *The source IPs to shape, our LAN network*
  **src-port**            any              *The source port to shape, leave on any*
  **destination**         any              *the destination address, leave in any*
@@ -156,8 +156,8 @@ Create a rule for all other internet download traffic
 ====================== =================== =====================================================
  **sequence**            41                 *Auto generated number, overwrite only when needed*
  **interface**           WAN                *Select the interface connected to the internet*
- **proto**               ip                 *Select the protocol, ip in our example*
+ **proto**               ip                 *Select the protocol, IP in our example*
- **source**              any                *The source ip to shape, leave on any*
+ **source**              any                *The source IP to shape, leave on any*
  **src-port**            any                *The source port to shape, leave on any*
  **destination**         192.168.1.0/24     *The destination IPs to shape, our LAN network*
  **dst-port**            any                *The destination port to shape, leave on any*
@@ -279,8 +279,8 @@ Create a rule for traffic directed towards the internet (Upload).
 ====================== ================= =====================================================
  **sequence**            11               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
- **proto**               ip               *Select the protocol, ip in our example*
+ **proto**               ip               *Select the protocol, IP in our example*
- **source**              192.168.1.0/24   *The source ip to shape, select the LAN network*
+ **source**              192.168.1.0/24   *The source IP to shape, select the LAN network*
  **src-port**            any              *The source port to shape, leave on any*
  **destination**         any              *The destination to shape, leave on any*
  **dst-port**            any              *Use any of the destination port if static*
@@ -294,10 +294,10 @@ Create a rule for traffic coming from the internet (Download).
 ====================== ================= =====================================================
  **sequence**            21               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
- **proto**               ip               *Select the protocol, ip in our example*
+ **proto**               ip               *Select the protocol, IP in our example*
  **source**              any              *The source address, leave on any*
  **src-port**            any              *The source port to shape, leave on any*
- **destination**         192.168.1.0/24   *The destination ip to shape, select LAN network*
+ **destination**         192.168.1.0/24   *The destination IP to shape, select LAN network*
  **dst-port**            any              *The destination port to shape, leave on any*
  **target**             QueueDown-10Mbps  *Select the Download 10 Mbps Queue*
  **description**        ShapeDownload     *Enter a descriptive name*
@@ -373,10 +373,10 @@ Create a rule for traffic coming from the internet (Download).
 ====================== ================= =====================================================
  **sequence**            21               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
- **proto**               ip               *Select the protocol, ip in our example*
+ **proto**               ip               *Select the protocol, IP in our example*
  **source**              any              *The source address, leave on any*
  **src-port**            any              *The source port to shape, leave on any*
- **destination**         192.168.1.0/24   *The destination ip to shape, select LAN network*
+ **destination**         192.168.1.0/24   *The destination IP to shape, select LAN network*
  **dst-port**            any              *The destination port to shape, leave on any*
  **target**             PipeDown-1Mbps   *Select the Download 1 Mbps Pipe*
  **description**        ShapeDownload     *Enter a descriptive name*
@@ -384,7 +384,7 @@ Create a rule for traffic coming from the internet (Download).
 
 .. Note::
 
-        If you want to limit traffic for a single ip then just enter the ip address
+        If you want to limit traffic for a single IP then just enter the IP address
         in the destination field instead of the full LAN network range.
 
 Now press |apply| to activate the traffic shaping rules.
@@ -476,46 +476,46 @@ Create a rule for smtp download traffic (email)
 ====================== =================== =====================================================
  **sequence**            11                 *Auto generated number, overwrite only when needed*
  **interface**           WAN                *Select the interface connected to the internet*
- **proto**               ip                 *Select the protocol, ip in our example*
+ **proto**               ip                 *Select the protocol, IP in our example*
  **source**              any                *The source address, leave on any*
  **src-port**            smtp               *The source port to shape, smtp or 25*
- **destination**         any                *The destination ip to shape, leave on any*
+ **destination**         any                *The destination IP to shape, leave on any*
  **dst-port**            any                *The destination port to shape, leave on any*
  **target**             Queue-SMTP          *Select the SMTP queue*
  **description**        ShapeSMTPDownload   *Enter a descriptive name*
 ====================== =================== =====================================================
 
 
-Create a rule for http download traffic
+Create a rule for HTTP download traffic
 
 ====================== =================== =====================================================
  **sequence**            21                 *Auto generated number, overwrite only when needed*
  **interface**           WAN                *Select the interface connected to the internet*
- **proto**               ip                 *Select the protocol, ip in our example*
+ **proto**               ip                 *Select the protocol, IP in our example*
  **source**              any                *The source address, leave on any*
  **src-port**            http               *The source port to shape, http or 80*
- **destination**         any                *The destination ip to shape, leave on any*
+ **destination**         any                *The destination IP to shape, leave on any*
  **dst-port**            any                *The destination port to shape, leave on any*
  **target**             Queue-HTTP          *Select the HTTP queue*
  **description**        ShapeHTTPDownload   *Enter a descriptive name*
 ====================== =================== =====================================================
 
 
-Adding an extra rule for https traffic is simple as we can use the same http queue if we like:
+Adding an extra rule for HTTPS traffic is simple as we can use the same HTTP queue if we like:
 
 ====================== ==================== =====================================================
  **sequence**            31                  *Auto generated number, overwrite only when needed*
  **interface**           WAN                 *Select the interface connected to the internet*
- **proto**               ip                  *Select the protocol, ip in our example*
+ **proto**               ip                  *Select the protocol, IP in our example*
  **source**              any                 *The source address, leave on any*
  **src-port**            https               *The source port to shape, https or 443*
- **destination**         any                 *The destination ip to shape, leave on any*
+ **destination**         any                 *The destination IP to shape, leave on any*
  **dst-port**            any                 *The destination port to shape, leave on any*
  **target**             Queue-HTTP           *Select the HTTP queue*
  **description**        ShapeHTTPSDownload   *Enter a descriptive name*
 ====================== ==================== =====================================================
 
-This way http and https traffic will be treated the same (total max of 1 Mbps).
+This way HTTP and HTTPS traffic will be treated the same (total max of 1 Mbps).
 
 Now press |apply| to activate the traffic shaping rules.
 
@@ -620,10 +620,10 @@ Create a rule for the download traffic
  **sequence**            11                 *Auto generated number, overwrite only when needed*
  **interface**           WAN                *Select the interface connected to the internet*
  **interface2**          GuestNet           *Select the interface that matches your GuestNet*
- **proto**               ip                 *Select the protocol, ip in our example*
+ **proto**               ip                 *Select the protocol, IP in our example*
  **source**              any                *The source address, leave on any*
  **src-port**            any                *The source port to shape, leave on any*
- **destination**         any                *The destination ip to shape, leave on any*
+ **destination**         any                *The destination IP to shape, leave on any*
  **dst-port**            any                *The destination port to shape, leave on any*
  **direction**           in                 *Match incoming packages (download)*
  **target**             PipeDown-2Mbps      *Select the Download pipe*
@@ -639,7 +639,7 @@ Create a rule for the upload traffic
  **proto**               ip                 *Select the protocol, IP in our example*
  **source**              any                *The source address, leave on any*
  **src-port**            any                *The source port to shape, leave on any*
- **destination**         any                *The destination ip to shape, leave on any*
+ **destination**         any                *The destination IP to shape, leave on any*
  **dst-port**            any                *The destination port to shape, leave on any*
  **direction**           out                *Match incoming packages (download)*
  **target**             PipeUp-1Mbps        *Select the Download pipe*

source/manual/how-tos/sslvpn_client.rst

@@ -29,7 +29,7 @@ and give you configuration examples for:
 
 .. Note::
 
-   For the sample we will use a private ip for our WAN connection.
+   For the sample we will use a private IP for our WAN connection.
    This requires us to disable the default block rule on wan to allow private traffic.
    To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
    *(Dont forget to save and apply)*

source/manual/how-tos/sslvpn_s2s.rst

@@ -2,7 +2,7 @@
 Setup SSL VPN site to site tunnel
 =================================
 
-Site to site VPN's connect two locations with static public IP addresses and allow
+Site to site VPNs connect two locations with static public IP addresses and allow
 traffic to be routed between the two networks. This is most commonly used to
 connect an organization's branch offices back to its main office, so branch users
 can access network resources in the main office.
@@ -16,7 +16,7 @@ connection (you local network need to different than that of the remote network)
 
 .. Note::
 
-   For the sample we will use a private ip for our WAN connection.
+   For the sample we will use a private IP for our WAN connection.
    This requires us to disable the default block rule on wan to allow private traffic.
    To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
    *(Don't forget to save and apply)*

source/manual/how-tos/user-radius.rst

@@ -6,15 +6,15 @@ is easy just go to **System->Access->Servers** and click on **Add server** in th
 
 Fill in the form:
 
-============================== =============== ========================================================
+============================== =============== =========================================================
 **Descriptive name**            radius_test    *Enter a descriptive name*
 **Type**                        Radius         *Select Radius*
 **Hostname or IP address**      10.10.10.1     *Enter the IP of your Radius server*
 **Shared Secret**               secret         *Shared secret for your Radius server*
 **Services offered**            Authentication *Select Authentication,for Captive portal + accounting*
-**Authentication port value**   1812           *Port number, 1812 is default for accounting it's 1813*
+**Authentication port value**   1812           *Port number, 1812 is default; for accounting it's 1813*
 **Authentication Timeout**      5              *Timeout for Radius to respond on requests*
-============================== =============== ========================================================
+============================== =============== =========================================================
 
 Use the tester under **System->Access->Tester** to test the Radius server.
 

source/manual/install.rst

@@ -344,8 +344,8 @@ By default you have to log in to enter the console.
 VLANs and assigning interfaces
     If choose to do manual interface assignment or when no config file can be
     found then you are asked to assign Interfaces and VLANs. VLANs are optional.
-    If you do not need VLAN's then choose **no**. You can always configure
+    If you do not need VLANs then choose **no**. You can always configure
-    VLAN's at a later time.
+    VLANs at a later time.
 
 LAN, WAN and optional interfaces
     The first interface is the LAN interface. Type the appropriate

source/manual/ipv6.rst

@@ -6,7 +6,7 @@ Using IPv6
    :width: 100%
 
 OPNsense fully supports IPv6 for routing and firewall. However there are lots of
-different options to utilize IPv6. Currently these scenario's are known to work:
+different options to utilize IPv6. Currently these scenarios are known to work:
 
 * Native IPv6 only
 * Dual Stack IPv4 + IPv6

source/manual/multiwan.rst

@@ -1,7 +1,7 @@
 =========
 Multi WAN
 =========
-Multi WAN scenario's are commonly used for failover or load balancing, but combinations
+Multi WAN scenarios are commonly used for failover or load balancing, but combinations
 are also possible with OPNsense.
 
 .. blockdiag::
@@ -30,7 +30,7 @@ connectivity is fully restored so will the routing switch back to the primary IS
 ------------------
 WAN Load Balancing
 ------------------
-Load balancing can be used to split the load between two (or more) ISP's. This
+Load balancing can be used to split the load between two (or more) ISPs. This
 enhances the total available bandwidth and/or lowers the load on each ISP.
 
 The principle is simple: Each WAN connection (gateway) gets a portion of the traffic.
@@ -39,10 +39,10 @@ The traffic can be divided equally or weighted.
 ------------------------------
 Combining Balancing & Failover
 ------------------------------
-It is also possible to combine Load Balancing with Failover in such scenario's
+It is also possible to combine Load Balancing with Failover in such scenarios
 you will have 2 or more WAN connections for Balancing purposes and 1 or more for
 Failover. OPNsense offers 5 tiers (Failover groups) each tier can hold multiple
-ISP's/WAN gateways.
+ISPs/WAN gateways.
 
 -------------
 Configuration

source/manual/netflow.rst

@@ -11,13 +11,13 @@ is very fast with little overhead compared to softflowd or pfflowd.
 
 While many monitoring solutions such as Nagios, Cacti and vnstat only capture traffic
 statistics, Netflow captures complete packet flows including source, destination
-ip and port number.
+IP and port number.
 
 OPNsense offers full support for exporting Netflow data to external collectors as
 well as a comprehensive Analyzer for on-the-box analysis and live monitoring.
 
 OPNsense is the only open source solution with a built-in Netflow analyzer integrated
-into it's Graphical User Interface.
+into its Graphical User Interface.
 
 ------------------
 Supported Versions

source/manual/opnsense_tools.rst

@@ -55,12 +55,12 @@ The latest update of OPNsense to version 18.1.5 did a minor jump for the IPSec p
 From this moment your VPNs are unstable and only a restart helps.
 
 To check if the update of the package is the reason you can easily revert the package
-to it's previous state while running the latest OPNsense version itself
+to its previous state while running the latest OPNsense version itself.
 
 # opnsense-revert -r 18.1.4 strongswan
 
-With this command you will on e.g. 18.1.5 while reverting the package strongswan to it's version it was in 18.1.4.
+With this command you can, for example, run OPNsense 18.1.5 while using the 18.1.4 version of strongswan.
-If you want to go back to the current release version just just 
+If you want to go back to the current release version just do
 
 # opnsense-revert strongswan
 

source/manual/proxy.rst

@@ -66,7 +66,7 @@ category based web filter support. Main features include:
 
 * Fetch from a remote URL
 * Supports flat file list and category based compressed lists
-* Automatically convert category based blacklists to squid ACL's
+* Automatically convert category based blacklists to squid ACLs
 * Keep up to date with the built-in scheduler
 * Compatible with most popular blacklist
 
@@ -75,13 +75,10 @@ Transparent Mode
 ----------------
 The transparent mode means all request will be diverted to the proxy without any
 configuration on your client. Transparent mode works very well with unsecured http
-requests, however with secured (SSL) https connection the proxy will become a
+requests, however with secured (SSL) HTTPS connection the proxy will become a
 man-in-the-middle as the client will "talk" to the proxy and the proxy will encrypt
 the traffic with its master key that the client is required to trust.
 
-While we do not encourage the use of https in transparent mode, this feature is
-scheduled for release in version 16.7.
-
 .. Warning::
     Using a transparent HTTPS proxy can be a dangerous practice and may not be
     allowed by the services you use, for instance e-banking.

source/manual/shaping.rst

@@ -24,7 +24,7 @@ OPNsense traffic shaping is a reliable solution to limit bandwidth or prioritize
 traffic and can be combined with other functions such as captive portal or high
 availability (CARP).
 
-Bandwidth limitations can be defined based upon the interface(s), ip source &
+Bandwidth limitations can be defined based upon the interface(s), IP source &
 destination, direction of traffic (in/out) and port numbers (application).
 
 Available bandwidth can be shared evenly over all users, this allows for

source/relations/hardenedbsd.rst

@@ -43,4 +43,4 @@ HardenedBSD's core team consists of Oliver Pinter and Shawn Webb.
 Cooperation with OPNsense
 -------------------------
 In May 2015, HardenedBSD announced their cooperation with OPNsense.
-A HardenedBSD-flavored versions of OPNsense is available as of June 2015.
+A HardenedBSD-flavored version of OPNsense is available as of June 2015.

source/relations/osi.rst

@@ -17,9 +17,9 @@ community-recognized body for reviewing and approving licenses as OSD-conformant
 
 -----------------------
 
-------------------
+--------------------
-Relations OPNsense
+Relation to OPNsense
-------------------
+--------------------
 OPNsense is licensed under an Open Source Initiative `approved license <http://opensource.org/licenses>`__. OPNsense
 is and will be available with the simple 2-clause BSD license. We believe an
 open source project should provide the sources and the tools to build it.

themes/opnsense/sass/_theme_rst.sass

@@ -288,7 +288,7 @@
     // rST seems to want dds to be treated as the browser would, indented.
     dd
       margin: 0  0 $base-line-height / 2 $base-line-height
-  // This is what Sphinx spits out for it's autodocs. Depending upon what language the person is referencing
+  // This is what Sphinx spits out for its autodocs. Depending upon what language the person is referencing
   // these things usually have a class of "method" or "class" or something similar, but really who knows.
   // Sphinx doesn't give me a generic class on these, so unfortunately I have to apply it to the root dl.
   // This makes me terribly unhappy and makes this code very nesty. Unfortunately I've seen hand-written docs