Fix scaling of small images, fix typos, clarify IPsec s2s (#78)

source/conf.py

@@ -340,7 +340,7 @@ epub_copyright = copyright
 # A unique identification for the text.
 #epub_uid = ''
 
-# A tuple containing the cover image and cover page html template filenames.
+# A tuple containing the cover image and cover page HTML template filenames.
 #epub_cover = ()
 
 # A sequence of (type, uri, title) tuples for the guide element of content.opf.

source/development/examples/helloworld.rst

@@ -66,7 +66,7 @@ Architecture
 
 Always make sure there's a clear separation of concerns, back-end calls
 (like shell scripts) should be implemented using the configd system, all
-communication to the client should be handled from an api endpoint. (the
+communication to the client should be handled from an API endpoint. (the
 example provides more insights on how this works).
 
 Back-end programs should not access the config.xml directly, if data is
@@ -215,7 +215,7 @@ retrieval/changing of configuration data.
 They should live in a subdirectory of the controller called Api and
 extend the corresponding class.
 
-For our modules we create two api controllers, one for controlling
+For our modules we create two API controllers, one for controlling
 settings and one for performing service actions. (Named
 SettingsController.php and ServiceController.php) Both should look like
 this (replace Settings with Service for the other one):
@@ -377,7 +377,7 @@ something like this:
     {{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_GeneralSettings'])}}
 
 This tells the template system to add a form using the contents of
-generalForm and name it frm\_GeneralSettings in the html page. Based on
+generalForm and name it frm\_GeneralSettings in the HTML page. Based on
 a standard template part which is already part of the standard system,
 named base\_form.volt.
 
@@ -665,7 +665,7 @@ What have we accomplished now, we can input data, validate it and save
 it to the corresponding format of the actual service or application,
 which uses this data. So if you have a third party application, which
 you want to integrate into the user interface. You should be able to
-generate what it needs now. (there’s more to learn, but these are the
+generate what it needs now. (There’s more to learn, but these are the
 basics).
 
 But how do should we control that third part program now? That’s the
@@ -760,7 +760,7 @@ elements:
         });
     });
 
-(in html section)
+(in HTML section)
 
 .. code-block:: xml
 
@@ -868,7 +868,7 @@ content in it:
     </acl>
 
 This creates an acl key named “page-user-helloworld” which authorizes
-access to both the ui and api urls of this application. You can now
+access to both the ui and API urls of this application. You can now
 grant access to this module from the system user manager.
 
 |

source/development/frontend/controller.rst

@@ -86,7 +86,7 @@ A simple index controller to echo a request back looks like this:
         }
     }
 
-When placed inside the api directory of Vendor/Sample can be called by sending a
+When placed inside the API directory of Vendor/Sample can be called by sending a
 post request to /api/sample/test/echo, using jquery:
 
 .. code-block:: javascript

source/development/frontend/routing.rst

@@ -62,14 +62,14 @@ This routing is setup via the index page of our new code base and uses
 API routing
 -----------
 
-Routing for api functions is quite similar to routing UI components,
+Routing for API functions is quite similar to routing UI components,
 just create a Api directory under the app path and place a controller
 class to handle the request. The only major difference is that it's
 handled by a separate php file (called api.php) in stead of the
 index.php file used to configure the ui part, details of the routing can
 be found in /usr/local/opnsense/mvc/app/config/services\_api.php .
 
-If our sample app needs an api to echo something back via a controller called
+If our sample app needs an API to echo something back via a controller called
 tools it could be put into a file called:
 
 ::

source/development/guidelines/basics.rst

@@ -49,7 +49,7 @@ time and we needed to transition that into something more structured.
 One of the first things (on the programming part of the system) we did was build
 components around an existing framework (`Phalcon <https://phalconphp.com/>`_)
 to create new modules, which could use validated configuration data (from the
-config.xml), supply a RESTful API and generate html output using standard
+config.xml), supply a RESTful API and generate HTML output using standard
 templates (Volt).
 
 We created the configd system, which can generate system configuration and
@@ -78,7 +78,7 @@ implementation is one example of this stage.
 
 **3)** Moving on
 (re)build new parts, using our new modules, which provide a layered development
-system to automatically support api calls from other systems and xml based model
+system to automatically support API calls from other systems and xml based model
 templates to describe configuration data.
 
 *See also:*
@@ -87,7 +87,7 @@ templates to describe configuration data.
 * :doc:`Howto use the API </development/how-tos/api>`
 
 Our guidelines somewhat depend of the stage the code is in, when writing new code,
-all actions should use the api system for actually changing configuration and
+all actions should use the API system for actually changing configuration and
 performing configuration tasks. They should, of course, use the normal PSR coding
 standards for PHP code and follow the Python PEPs.
 

source/development/how-tos/api.rst

@@ -23,7 +23,7 @@ Creating keys
 
 API keys are managed in the user manager (system\_usermanager.php), go
 to the user manager page and select a user. Somewhere down the page you
-will find the api section for this user.
+will find the API section for this user.
 
 |Usermanager add api key.png|
 

source/fork/thefork.rst

@@ -15,7 +15,7 @@ There are some myths surrounding our project offered mostly by pfSense enthusias
 if you have read their comments on us then we'd recommend to just ignore them and
 install OPNsense, if you have not already done so.
 
-.. sidebar:: Lets fork and lift the project!
+.. sidebar:: Let's fork and lift the project!
 
     .. image:: images/fork-lift_new.jpg
 

source/intro.rst

@@ -79,11 +79,11 @@ OPNsense Core Features
 
 - Intrusion Detection and Inline Prevention
 
-  - Build-in support for Emerging Treats rules
+  - Built-in support for Emerging Treats rules
   - Simple setup by use of rule categories
   - Scheduler for period automatic updates
 
-- Build-in reporting and monitoring tools
+- Built-in reporting and monitoring tools
 
   - System Health, the modern take on RRD Graphs
   - Packet Capture

source/manual/aliases.rst

@@ -33,7 +33,7 @@ When using a fully qualified domain name, the name will we resolved periodically
 (default is each 300 seconds).
 
 Sample
-  Lets say we want to create an alias table for **www.youtube.com**
+  Let's say we want to create an alias table for **www.youtube.com**
 
   .. image:: images/aliases_host.png
       :width: 100%
@@ -120,10 +120,10 @@ Downloads
 Using Aliases in pf Firewall Rules
 ----------------------------------
 Aliases can be used in the firewall rules to make administration of large lists
-easy. For instance we could have a list of remote ip's that should have access to
+easy. For instance we could have a list of remote IPs that should have access to
 certain services, when anything changes we only need to update the list.
 
-Lets create a simple alias list and assume we have 3 remote ip's that may access
+Let's create a simple alias list and assume we have 3 remote IPs that may access
 the ipsec server for a site to site tunnel connection:
 
 * 192.168.100.1

source/manual/captiveportal.rst

@@ -7,13 +7,12 @@ but is also widely used in corporate networks for an additional layer of securit
 on wireless or Internet access.
 
 .. image:: images/hotspot_login.png
-    :width: 100%
 
 --------------------
 Typical Applications
 --------------------
 * Guest Network
-* Hotel & Camping Wifi Access
+* Hotel & Camping Wi-Fi Access
 * Bring Your Own Device (BOYD)
 
 -------------------
@@ -27,7 +26,6 @@ task. At the same time it offers additional functionalities, such as:
 * Custom Splash page
 
 .. image:: images/captiveportal_template_folder.png
-    :width: 100%
 
 ---------------
 Zone Management
@@ -69,7 +67,7 @@ the user can resume its active session.
 --------------------
 Bandwidth Management
 --------------------
-The Build-in traffic shaper can be utilized to:
+The Built-in traffic shaper can be utilized to:
 
 * Share bandwidth evenly
 * Give priority to protocols port numbers and/or ip addresses

source/manual/gui.rst

@@ -85,13 +85,13 @@ The content area is used to display:
 ----------
 Form View
 ----------
-Lets take a look at how an advanced form may look like:
+Let's take a look at how an advanced form may look like:
 
 .. image:: images/proxy_form.png
 
 Full Help
 ---------
-Many forms are equipped with build-in help. In the upper right corner of the form
+Many forms are equipped with built-in help. In the upper right corner of the form
 you can select to view all help messages at once. The toggle will color green when
 enabled and show the help messages beneath the input items.
 

source/manual/hardware.rst

@@ -53,13 +53,13 @@ for the ones that require disk writes, e.g. a caching proxy (cache) or intrusion
 and prevention (alert database).
 
 +------------------+--------------------------------------------------------------------------+
-| Processor        | 500MHz single core cpu                                                   |
+| Processor        | 500 MHz single core cpu                                                  |
 +------------------+--------------------------------------------------------------------------+
 | RAM              | 512 MB                                                                   |
 +------------------+--------------------------------------------------------------------------+
 | Install method   | Serial console or video (vga)                                            |
 +------------------+--------------------------------------------------------------------------+
-| Install target   | SD or CF card with a minimum of 4GB, use nano images for installation.   |
+| Install target   | SD or CF card with a minimum of 4 GB, use nano images for installation.  |
 +------------------+--------------------------------------------------------------------------+
 
 Table:  *Minimum hardware requirements*
@@ -78,7 +78,7 @@ or high loads.
 +------------------+--------------------------------------------------------------------------+
 | Install method   | Serial console or video (vga)                                            |
 +------------------+--------------------------------------------------------------------------+
-| Install target   | 40 GB SSD, a minimum of 1GB memory is needed for the installer to run.   |
+| Install target   | 40 GB SSD, a minimum of 1 GB memory is needed for the installer to run.  |
 +------------------+--------------------------------------------------------------------------+
 
 Table:  *Reasonable hardware requirements*
@@ -126,9 +126,9 @@ have massive impact on it. The candidates are:
     displayed below.
 
 `State transition tables <https://en.wikipedia.org/wiki/State_transition_table>`__
-    it is a known fact, that each state table entry requires about 1KB
+    it is a known fact, that each state table entry requires about 1 kB
-    (kilo bytes) of RAM. The average state table, filled with 1000
+    (kilobytes) of RAM. The average state table, filled with 1000
-    entries will occupy about ~10MB (mega bytes) of
+    entries will occupy about ~10 MB (megabytes) of
     `RAM <https://en.wikipedia.org/wiki/Random-access_memory>`__.
     OPNsense usage settings with hundred of thousands of connections
     will require memory accordingly.

source/manual/how-tos/cachingproxy.rst

@@ -26,7 +26,7 @@ select from the list).
 Change Proxy Listening Port
 ---------------------------
 By default the proxy will listen at port 3128, you can change this by clicking
-on the tab **Forward Proxy** and fill in the port in the **Proxy port** feild.
+on the tab **Forward Proxy** and fill in the port in the **Proxy port** field.
 Don't forget to **Apply** your changes.
 
 ------------
@@ -36,7 +36,6 @@ To enable caching click on the arrow next to the **General Proxy Settings** to
 see the dropdown menu and click on **Local Cache Settings**.
 
 .. image:: images/proxy_cache.png
-    :width: 100%
 
 Check the **Enable local cache** and click **Apply**.
 
@@ -49,7 +48,7 @@ Advanced
 --------
 Under the advanced settings (see mode switch on left top of the form) you can
 change the cache size, directory structure and max object size to keep in cache.
-Again defaults are fine for normal browsing and creates a 100MB cache with max 4MB
+Again defaults are fine for normal browsing and creates a 100 MB cache with max 4 MB
 object size.
 
 
@@ -87,7 +86,7 @@ You can setup ACL's by clicking on the arrow next to **Forward Proxy**  and sele
 **Access Control List**. Here you can:
 
 * Setup Allowed Subnets (By default the proxy interfaces will be allowed)
-* Add Unrestricted IP addresses (Unrestricted means just that, no authentication and no blacklisting for those IP's)
+* Add Unrestricted IP addresses (Unrestricted means just that, no authentication and no blacklisting for those IPs)
 * Add Banned hosts IP address (A ban will stop this client from being able to use the proxy)
 * Whitelist (Click on the (i) to see examples, whitelist prevail above blacklists)
 * Blacklist (If not allowed by a whitelist, this will block traffic based upon a regular expression)

source/manual/how-tos/cellular.rst

@@ -28,7 +28,7 @@ Use websites like `FrequencyCheck <https://www.frequencycheck.com/>`_ to find th
 frequency band(s) used and get a cellular modem that supports these frequencies.
 
 You should also buy an appropriate pigtail antenna cable and LTE antenna. Note
-that LTE antennas often have different connectors than WIFI antennas, chose your
+that LTE antennas often have different connectors than Wi-Fi antennas, chose your
 equipment accordingly. Getting the right antenna has a big impact on the quality
 of your signal. For LTE, MIMO (multiple input, multiple output) antennas should
 be considered, see for example `this guide <https://www.specialistantennas.co.uk/news/lte-antenna-choices-considerations>`_.

source/manual/how-tos/cloud_backup.rst

@@ -67,7 +67,7 @@ First we need to have a project in the google developer console:
 
    -  In the left menu APIs -> "Drive API" -> Enable
 
--  Open the project and start to create an api key
+-  Open the project and start to create an API key
 
    -  In the left menu : APIs & auth -> Credentials
    -  Click on the button "Create new Client ID"

source/manual/how-tos/fwcategory.rst

@@ -35,7 +35,7 @@ box to make a quick selection.
 ----------------
 Before Selection
 ----------------
-Take a look at this simple rule set before selecting our "My IP's" category.
+Take a look at this simple rule set before selecting our "My IPs" category.
 
 .. image:: images/Rules_Full.png
     :width: 100%

source/manual/how-tos/guestnet.rst

@@ -26,7 +26,7 @@ Hotels and RV Parks
 -------------------
 Hotels and RV parks usually utilize a captive portal to allow guests (paid) access
 to internet for a limited duration. Guests need to login using a voucher they can
-either buy or obtain for free at the reception. OPNsense has build-in support for
+either buy or obtain for free at the reception. OPNsense has built-in support for
 vouchers and can easily create them on the fly. With this example we will show
 you how to setup the Guest Network for this purpose and setup a reception account
 for creating new vouchers.
@@ -88,7 +88,7 @@ Fill in the following to setup the DHCP server for our guest net (leave everythi
 
 ================ ==================================== =======================================
  **Enable**       Checked                               *Enable the DCHP server on GUESTNET*
- **Range**        192.168.200.100 to 192.168.200.200    *Serve ip's from this range*
+ **Range**        192.168.200.100 to 192.168.200.200    *Serve IPs from this range*
  **DNS servers**  192.168.200.1                         *Supply a DNS with the lease*
  **Gateway**      192.168.200.1                         *Supply a gateway with the lease*
 ================ ==================================== =======================================
@@ -228,11 +228,10 @@ Step 5 - Create Template
 The template feature is one of the most powerful features of OPNsense's Captive
 Portal solution and it's very easy to work with.
 
-Lets create a custom landing page, to do so click on the tab **Templates** and
+Let's create a custom landing page, to do so click on the tab **Templates** and
 click on the download icon in the lower right corner ( |download| ).
 
 .. image:: images/template_download.png
-    :width: 100%
 
 Now download the default template, we will use this to create our own.
 Unpack the template zip file, you should have something similar to this:
@@ -242,21 +241,21 @@ Unpack the template zip file, you should have something similar to this:
 
 Most files of the template can be modified, but some are default and may not be
 changes. Upon upload any changes to the files listed in **exclude.list** will be
-ignored. Currently these include the bootstrap java scripting and some fonts.
+ignored. Currently these include the bootstrap JavaScript and some fonts.
 
 With the captive portal enabled the default screen looks like:
 
 .. image:: images/default_login_no_authenticator.png
     :width: 100%
 
-Lets change this default with a new logo and a welcome message, to this:
+Let's change this default with a new logo and a welcome message, to this:
 
 .. image:: images/mycompany_login.png
 
 To do so use your favourite editor and open the **index.html** file to make the
 changes.
 
-Lets make the following changes to the template:
+Let's make the following changes to the template:
 
 #. Change the logo to **company-logo.png**
 #. Remove the navigation bar on the top
@@ -308,20 +307,19 @@ Hit Upload ( |upload| )
       :width: 100%
 
 .. |upload| image:: images/btn_upload.png
-      :width: 100%
 
 To enable the captive portal on the GUESTNET interface just click on **Apply**.
 
 -------------------------------
 Step 6 - Limit Guests Bandwidth
 -------------------------------
-For our example we will reserve 10Mbps down and 1Mbps Up for the Guest Network's
+For our example we will reserve 10 Mbps down and 1 Mbps Up for the Guest Network's
 Internet Access. This bandwidth will be shared evenly between connected clients.
 
 .. Note::
       With sharing evenly we mean that if 10 users at the same time try to use
       as much bandwidth as possible then everyone gets 1/10th. So in our example
-      that would be 1Mbps down stream (download). It is also possible to limit
+      that would be 1 Mbps down stream (download). It is also possible to limit
       the traffic per user see also :doc:`shaper`
 
 Go to: **Firewall->Traffic Shaper->Settings**.
@@ -351,7 +349,7 @@ And add another pipe for the upload traffic.
 Click on **Save changes**.
 
 
-Create the traffic shaper rules.Click on the tab **Rules** and press the  **+**
+Create the traffic shaper rules. Click on the tab **Rules** and press the  **+**
 to do so.
 
 First toggle the advanced mode (upper left corner of the form) and then fill in
@@ -363,7 +361,7 @@ the following details (leave everything not specified on defaults):
  **interface 2**   GUESTNET
  **direction**     in
  **target**        pipe_10Mbps_down
- **description**   Limit Guests download to 10Mbps
+ **description**   Limit Guests download to 10 Mbps
 ================= ==================================
 
 Click **Save changes**.
@@ -374,7 +372,7 @@ Click **Save changes**.
  **interface 2**   GUESTNET
  **direction**     out
  **target**        pipe_1Mbps_up
- **description**   Limit Guests upload to 1Mbps
+ **description**   Limit Guests upload to 1 Mbps
 ================= ==================================
 
 Click **Save changes**.
@@ -428,31 +426,31 @@ Step 9 - Create Vouchers
 Go back to the Captive portal and select Vouchers (**Services->Captive Portal->Vouchers**).
 Click on **Create Vouchers** in the lower right corner of the form.
 
-Lets create 1 Day vouchers for our guests:
+Let's create 1 Day vouchers for our guests:
 
 .. image:: images/create_vouchers.png
     :width: 100%
 
 
-Enter the Validity (1 day), the number of Vouchers and a Groupname (Wifi day pass f.i.).
+Enter the Validity (1 day), the number of Vouchers and a Groupname (Wi-Fi day pass, for example).
 For the example we create 10 vouchers. Click on **Generate**.
 
-A file will be generated called **wifi day pass.csv**.
+A file will be generated called **Wi-Fi day pass.csv**.
 The content of this file looks like this:
 
 .. code-block:: guess
 
     username,password,vouchergroup,validity
-    "IgJw@Pqf","MLi+Sb7Ak#","Wifi day pass","86400"
+    "IgJw@Pqf","MLi+Sb7Ak#","Wi-Fi day pass","86400"
-    "++?f[@i[","!m*)e(@;F,","Wifi day pass","86400"
+    "++?f[@i[","!m*)e(@;F,","Wi-Fi day pass","86400"
-    "bbtK9mBk","f/jCDL3:)b","Wifi day pass","86400"
+    "bbtK9mBk","f/jCDL3:)b","Wi-Fi day pass","86400"
-    "iD%L[jLJ","I#FoZ#g!AY","Wifi day pass","86400"
+    "iD%L[jLJ","I#FoZ#g!AY","Wi-Fi day pass","86400"
-    "+4bA\E[I","CNavt@0ck+","Wifi day pass","86400"
+    "+4bA\E[I","CNavt@0ck+","Wi-Fi day pass","86400"
-    "+,fg/\Sv","#22iIL-iQA","Wifi day pass","86400"
+    "+,fg/\Sv","#22iIL-iQA","Wi-Fi day pass","86400"
-    ":;Pc\N#s","Y\HuG9vAN$","Wifi day pass","86400"
+    ":;Pc\N#s","Y\HuG9vAN$","Wi-Fi day pass","86400"
-    "00nLb=0Q","0*C_\_Nb_x","Wifi day pass","86400"
+    "00nLb=0Q","0*C_\_Nb_x","Wi-Fi day pass","86400"
-    "PA$J0YHF","kp!q%9;m)g","Wifi day pass","86400"
+    "PA$J0YHF","kp!q%9;m)g","Wi-Fi day pass","86400"
-    "a,mCxbya","LcnCb#g/di","Wifi day pass","86400"
+    "a,mCxbya","LcnCb#g/di","Wi-Fi day pass","86400"
 
 The content are:
 
@@ -465,11 +463,11 @@ The content are:
 
 .. Warning::
 
-    For security reasons the plain text password for the vouchers are NOT stored
+    For security reasons the plain text passwords for the vouchers are NOT stored
     on the firewall.
 
 This file can be used for creating nice guest vouchers (on paper) by just merging
-the cvs data with word, open office or any other dtp/text editor.
+the CSV data with Microsoft Word, LibreOffice or any other DTP/text editor.
 
 Create something like this:
 
@@ -501,7 +499,6 @@ When done click **Save changes** and the **Apply** to apply the new settings.
 Now users will see the login form as part of your template:
 
 .. image:: images/cp_voucher_login.png
-    :width: 100%
 
 --------------
 Check Sessions
@@ -523,8 +520,8 @@ You can drop an active session by clicking on the trashcan.
 Check Voucher Status
 --------------------
 You can check the validity and active status of a voucher by going to the voucher
-page of the captive portal (**Services->Captive Protal->Vouchers**) and select
+page of the captive portal (**Services->Captive Portal->Vouchers**) and select
-the correct database (Wifi day pass in our example).
+the correct database (Wi-Fi day pass in our example).
 
 .. image:: images/cp_active_vouchers.png
     :width: 100%
@@ -538,16 +535,16 @@ the correct database (Wifi day pass in our example).
 ------------------------
 Advanced - Session popup
 ------------------------
-Lets create a Session Popup so user can see some details about there session and
+Let's create a Session Popup so users can see some details about their session and
-Logout. For this feature we will use OPNsense's build-in api calls.
+Logout. For this feature we will use OPNsense's built-in API calls.
 
-In particular we will use the following api call (for zone id 0):
+In particular we will use the following API call (for zone id 0):
 
 .. code-block:: guess
 
   /api/captiveportal/access/status/0/
 
-The response on this api call looks like this (for an active session):
+The response on this API call looks like this (for an active session):
 
 .. code-block:: json
 
@@ -566,7 +563,7 @@ The response on this api call looks like this (for an active session):
   "packets_in":3181,
   "clientState":"AUTHORIZED"}
 
-It would go a bit to far to explain standard html and java scripting used for
+It would go a bit to far to explain standard HTML and JavaScript used for
 our simple popup, but a full demo template can be downloaded:
 
 :download:`Download the example Template (with popup) <resources/template_popup.zip>`

source/manual/how-tos/ips-feodo.rst

@@ -20,7 +20,7 @@ Prerequisites
     :width: 100%
 
 * Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
-  logging (>10GB advisable).
+  logging (>10 GB advisable).
 
 * Disable all Hardware Offloading
   Under **Interface-Settings**
@@ -57,7 +57,6 @@ First apply the configuration by pressing the **Apply** button at the bottom of
 the form.
 
 .. image:: images/applybtn.png
-    :width: 100%
 
 ---------------
 Fetch Rule sets
@@ -71,7 +70,6 @@ To do so: select Enabled after each one.
 To download the rule sets press **Download & Update Rules**.
 
 .. image:: images/downloadbtn.png
-    :width: 100%
 
 -----------------------
 Change default behavior
@@ -93,7 +91,6 @@ Apply fraud drop actions
 Now press **Download & Update Rules** again to change the behavior to drop.
 
 .. image:: images/downloadbtn.png
-    :width: 100%
 
 ---------------
 Keep up to date

source/manual/how-tos/ips-geoip.rst

@@ -2,7 +2,7 @@
 IPS GeoIP Blocking
 ==================
 
-This tutorial explains how to setup the IPS system to block ip's based on their
+This tutorial explains how to setup the IPS system to block IPs based on their
 geographic location. This option is made possible by the integration of the
 Maxmind GeoLite2 Country database. More information can be found here: http://dev.maxmind.com/geoip/geoip2/geolite2/
 
@@ -17,7 +17,7 @@ Prerequisites
     :width: 100%
 
 * Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
-  logging (>10GB advisable).
+  logging (>10 GB advisable).
 
 * Disable all Hardware Offloading
   Under **Interface-Settings**
@@ -87,13 +87,11 @@ Apply configuration
 If this is the first GeoIP rule you add then you need to **Download & Update Rules**
 
 .. image:: images/downloadbtn.png
-    :width: 100%
 
 Then apply the configuration by pressing the **Apply** button at the bottom of
 the form.
 
 .. image:: images/applybtn.png
-    :width: 100%
 
 
 ------------

source/manual/how-tos/ips-sslfingerprint.rst

@@ -16,7 +16,7 @@ Prerequisites
     :width: 100%
 
 * Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
-  logging (>10GB advisable).
+  logging (>10 GB advisable).
 
 * Disable all Hardware Offloading
   Under **Interface-Settings**
@@ -106,7 +106,6 @@ First apply the configuration by pressing the **Apply** button at the bottom of
 the form.
 
 .. image:: images/applybtn.png
-    :width: 100%
 
 ----------------------------
 Clear Browser Cache and test

source/manual/how-tos/ipsec-s2s-binat.rst

@@ -3,7 +3,7 @@ IPSec BINAT
 ===============
 
 Assume company A has local LAN 10.0.1.0/24 and company B has local LAN 10.0.2.0/24.
-Also we assume that on both sides the other networks are already in use, e.g. in company A the network 10.0.2.0/24 is used for Voice and in company B network 10.0.1.0/24 is used for Guest Wifi.
+Also we assume that on both sides the other networks are already in use, e.g. in company A the network 10.0.2.0/24 is used for Voice and in company B network 10.0.1.0/24 is used for Guest Wi-Fi.
 
 We have to define new networks for the Phase 2 with unused ones and create NAT entries to reach the final systems.
 

source/manual/how-tos/ipsec-s2s.rst

@@ -203,7 +203,7 @@ General information
 -------------------
 ========================= ============= ================================================
 **Connection method**      default       *default is 'Start on traffic'*
-**Key Exchange version**   V2            *both V1 and V2 are supported*
+**Key Exchange version**   V2
 **Internet Protocol**      IPv4
 **Interface**              WAN           *choose the interface connected to the internet*
 **Remote gateway**         172.10.2.1    *the public ip address of your remote OPNsense*
@@ -215,7 +215,6 @@ Phase 1 proposal (Authentication)
 ---------------------------------
 =========================== ====================== ======================================
  **Authentication method**   Mutual PSK             *Using a Pre-shared Key*
- **Negotiation mode**        Main                   *Use Main. Aggressive is insecure*
  **My identifier**           My IP address          *Simple identification for fixed ip*
  **Peer identifier**         Peer IP address        *Simple identification for fixed ip*
  **Pre-Shared Key**          At4aDMOAOub2NwT6gMHA   *Random key*. **CREATE YOUR OWN!**
@@ -224,12 +223,12 @@ Phase 1 proposal (Authentication)
 
 Phase 1 proposal (Algorithms)
 -----------------------------
-========================== ============= ===========================================
+========================== =============== ===========================================
- **Encryption algorithm**   AES           *For our sample we will Use AES/256 bits*
+ **Encryption algorithm**   AES             *For our sample we will Use AES/256 bits*
- **Hash algoritm**          SHA512        *Use a strong hash like SHA512*
+ **Hash algoritm**          SHA512          *Use a strong hash like SHA512*
- **DH key group**           2048 bit      *2048 bit should be sufficient*
+ **DH key group**           14 (2048 bit)   *2048 bit should be sufficient*
- **Lifetime**               28800 sec     *lifetime before renegotiation*
+ **Lifetime**               28800 sec       *lifetime before renegotiation*
-========================== ============= ===========================================
+========================== =============== ===========================================
 
 
 Advanced Options
@@ -245,7 +244,6 @@ Advanced Options
 Save your setting by pressing:
 
 .. image:: images/btn_save.png
-    :width: 100%
 
 Now you should see the following screen:
 
@@ -259,7 +257,6 @@ Step 2 - Phase 2 Site A
 Press the button that says '+ Show 0 Phase-2 entries'
 
 .. image:: images/ipsec_s2s_vpn_p1a_show_p2.png
-    :width: 100%
 
 You will see an empty list:
 
@@ -291,30 +288,27 @@ Remote Network
 
 Phase 2 proposal (SA/Key Exchange)
 ----------------------------------
-=========================== ============ =======================================
+=========================== =============== =======================================
-**Protocol**                 ESP           *Choose ESP for encryption*
+**Protocol**                 ESP             *Choose ESP for encryption*
-**Encryption algorithms**    AES / 256     *For the sample we use AES 256*
+**Encryption algorithms**    AES / 256       *For the sample we use AES 256*
-**Hash algortihms**          SHA512        *Choose a strong hash like SHA512*
+**Hash algortihms**          SHA512          *Choose a strong hash like SHA512*
-**PFS Key group**            2048 bit      *Not required but enhanced security*
+**PFS Key group**            14 (2048 bit)   *Not required but enhanced security*
 **Lifetime**                 3600 sec
-=========================== ============ =======================================
+=========================== =============== =======================================
 
 Save your setting by pressing:
 
 .. image:: images/btn_save.png
-    :width: 100%
 
 -----------------------------
 
 Enable IPsec for Site A, Select:
 
 .. image:: images/ipsec_s2s_vpn_p1a_enable.png
-    :width: 100%
 
 Save:
 
 .. image:: images/btn_save.png
-    :width: 100%
 
 And Apply changes:
 
@@ -340,7 +334,7 @@ General information
 -------------------
 ========================= ============= ================================================
 **Connection method**      default       *default is 'Start on traffic'*
-**Key Exchange version**   V2            *both V1 and V2 are supported*
+**Key Exchange version**   V2
 **Internet Protocol**      IPv4
 **Interface**              WAN           *choose the interface connected to the internet*
 **Remote gateway**         172.10.1.1    *the public ip address of your remote OPNsense*
@@ -352,7 +346,6 @@ Phase 1 proposal (Authentication)
 ---------------------------------
 =========================== ====================== ======================================
  **Authentication method**   Mutual PSK             *Using a Pre-shared Key*
- **Negotiation mode**        Main                   *Use Main. Aggressive is insecure*
  **My identifier**           My IP address          *Simple identification for fixed ip*
  **Peer identifier**         Peer IP address        *Simple identification for fixed ip*
  **Pre-Shared Key**          At4aDMOAOub2NwT6gMHA   *Random key*. **CREATE YOUR OWN!**
@@ -361,12 +354,12 @@ Phase 1 proposal (Authentication)
 
 Phase 1 proposal (Algorithms)
 -----------------------------
-========================== ============= ===========================================
+========================== =============== ===========================================
- **Encryption algorithm**   AES           *For our sample we will Use AES/256 bits*
+ **Encryption algorithm**   AES             *For our sample we will Use AES/256 bits*
- **Hash algoritm**          SHA512        *Use a strong hash like SHA512*
+ **Hash algoritm**          SHA512          *Use a strong hash like SHA512*
- **DH key group**           2048 bit      *2048 bit should be sufficient*
+ **DH key group**           14 (2048 bit)   *2048 bit should be sufficient*
- **Lifetime**               28800 sec     *lifetime before renegotiation*
+ **Lifetime**               28800 sec       *lifetime before renegotiation*
-========================== ============= ===========================================
+========================== =============== ===========================================
 
 
 Advanced Options
@@ -382,7 +375,6 @@ Advanced Options
 Save your setting by pressing:
 
 .. image:: images/btn_save.png
-    :width: 100%
 
 Now you should see the following screen:
 
@@ -429,19 +421,18 @@ Remote Network
 
 Phase 2 proposal (SA/Key Exchange)
 ----------------------------------
-=========================== ============ =======================================
+=========================== =============== =======================================
-**Protocol**                 ESP           *Choose ESP for encryption*
+**Protocol**                 ESP             *Choose ESP for encryption*
-**Encryption algorithms**    AES / 256     *For the sample we use AES 256*
+**Encryption algorithms**    AES / 256       *For the sample we use AES 256*
-**Hash algortihms**          SHA512        *Choose a strong hash like SHA512*
+**Hash algortihms**          SHA512          *Choose a strong hash like SHA512*
-**PFS Key group**            2048 bit      *Not required but enhanced security*
+**PFS Key group**            14 (2048 bit)   *Not required but enhanced security*
 **Lifetime**                 3600 sec
-=========================== ============ =======================================
+=========================== =============== =======================================
 
 
 Save your setting by pressing:
 
 .. image:: images/btn_save.png
-    :width: 100%
 
 -----------------------------
 
@@ -453,7 +444,6 @@ Enable IPsec for Site B, Select:
 Save:
 
 .. image:: images/btn_save.png
-    :width: 100%
 
 And Apply changes:
 
@@ -530,4 +520,4 @@ Common issues are unequal settings. Both ends must use the same encryption stand
 
   If you are testing locally with your pc connected to one of the two test boxes
   as in the sample configuration, then make sure you have no other network
-  connections (f.i. wifi).
+  connections (Wi-Fi, for example).

source/manual/how-tos/multiwan.rst

@@ -24,7 +24,7 @@ Configure Failover
 ------------------
 To setup Failover the following step will be taken:
 
-#. Add monitor IP's to the gateways
+#. Add monitor IPs to the gateways
 #. Add a gateway group
 #. Configure DNS for each gateway
 #. Use policy based routing to utilize our gateway group
@@ -40,12 +40,12 @@ To setup Failover the following step will be taken:
 Example configuration
 ---------------------
 Our example utilized two previous configured WAN gateways that both are confirmed
-to function separately. As DNS's and monitor ip's we will utilize google's DNS
+to function separately. As DNS's and monitor IPs we will utilize google's DNS
 services 8.8.8.8 and 8.8.4.4, of course you can use your own 'known good' setting.
 
 We defined WAN and WAN2, where WAN will be our primary (default) gateway.
 
-Step 1 - Add monitor IP's
+Step 1 - Add monitor IPs
 -------------------------
 You may skip this step if you already have setup the monitoring ip and both gateways
 are shown as online.
@@ -185,7 +185,7 @@ gateways.
 
 Sticky Connection
 -----------------
-Some web sites don't like changing request ip's for the same session, this may
+Some web sites don't like changing request IPs for the same session, this may
 lead to unexpected behavior. To solve this you can use the option **Sticky Connections**,
 this will make sure each subsequent request from the same user to the same website
 is send through the same gateway.
@@ -196,7 +196,7 @@ Unequal Balancing (Weight)
 --------------------------
 If you have a non symmetric setup with one IPS having a much higher
 bandwidth that the other then you can set a weight on each gateway to change the
-load balance. For instance if you have one line of 10Mbps and one of 20Mbps then
+load balance. For instance if you have one line of 10 Mbps and one of 20 Mbps then
 set the weight of the first one to 1 and the second one to 2. This way the second
 gateway will get twice as many traffic to handle than the first.
 

source/manual/how-tos/orange_fr_fttp.rst

@@ -1,123 +1,123 @@
-Orange France FTTP IPv4 & IPv6
+Orange France FTTP IPv4 & IPv6
-==============================
+==============================
-
+
-**Original Author:** Kev Willers
+**Original Author:** Kev Willers
-
+
-**Introduction**
+**Introduction**
------------------
+-----------------
-This guide is for Orange France FTTP using DHCP to connect (this method currently excludes the users of the PRO package).
+This guide is for Orange France FTTP using DHCP to connect (this method currently excludes the users of the PRO package).
-
+
-The guide deals with just the internet connection. Setting up of TV or Phone is not covered here.
+The guide deals with just the internet connection. Setting up of TV or Phone is not covered here.
-
+
-
+
-**Getting ready to make the connection**
+**Getting ready to make the connection**
-----------------------------------------
+----------------------------------------
-
+
-Orange requires that the WAN is configured over VLAN 832. So the first step is to set up the VLAN on the intended WAN nic as shown below
+Orange requires that the WAN is configured over VLAN 832. So the first step is to set up the VLAN on the intended WAN nic as shown below
-
+
-.. image:: images/OF_image0.png
+.. image:: images/OF_image0.png
-	:width: 100%
+	:width: 100%
-
+
-and the WAN interface assignment should hence look something like this
+and the WAN interface assignment should hence look something like this
-
+
-.. image:: images/OF_image1.png
+.. image:: images/OF_image1.png
-	:width: 100%
+	:width: 100%
-
+
-**Configuring the WAN Interface**
+**Configuring the WAN Interface**
----------------------------------
+---------------------------------
-
+
-In order to establish the IPv4 and IPv6 connection Orange requires that the correct parameters are passed for the DHCP and DHCP6
+In order to establish the IPv4 and IPv6 connection Orange requires that the correct parameters are passed for the DHCP and DHCP6
-requests respectively
+requests respectively
-
+
-select options DHCP and DHCPv6 in general configuration
+select options DHCP and DHCPv6 in general configuration
-
+
-.. image:: images/OF_image2.png
+.. image:: images/OF_image2.png
-	:width: 100%
+	:width: 100%
-
+
-**On the DHCP request it is a requirement to pass the following:**
+**On the DHCP request it is a requirement to pass the following:**
-
+
-* dhcp-class-identifier "sagem"
+* dhcp-class-identifier "sagem"
-* user-class "+FSVDSL_livebox.Internet.softathome.Livebox3"
+* user-class "+FSVDSL_livebox.Internet.softathome.Livebox3"
-* option-90 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX
+* option-90 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX
-  (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx)
+  (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx)
-
+
-.. Note::
+.. Note::
-    The eleven leading hex 00 pairs to be prefixed to the converted userID
+    The eleven leading hex 00 pairs to be prefixed to the converted userID
-
+
-These parameters should be passed as comma separated options in the 'Send Options' area of there WAN DHCP request
+These parameters should be passed as comma separated options in the 'Send Options' area of their WAN DHCP request
-
+
-.. image:: images/OF_image3.png
+.. image:: images/OF_image3.png
-	:width: 100%
+	:width: 100%
-
+
-.. Note::
+.. Note::
-    It is necessary to specify the following 'Request Options'
+    It is necessary to specify the following 'Request Options'
-
+
-* subnet-mask
+* subnet-mask
-* broadcast-address
+* broadcast-address
-* dhcp-lease-time
+* dhcp-lease-time
-* dhcp-renewal-time
+* dhcp-renewal-time
-* dhcp-rebinding-time
+* dhcp-rebinding-time
-* domain-search, routers
+* domain-search, routers
-* domain-name-servers
+* domain-name-servers
-* option-90
+* option-90
-
+
-These parameters should be passed as comma separated options in the 'Request Options' area of there WAN DHCP request
+These parameters should be passed as comma separated options in the 'Request Options' area of their WAN DHCP request
-
+
-Now for the regional specific part.
+Now for the regional specific part.
-
+
-Some areas of France require that the DHCP and DHCP6 requests are made with a VLAN-PCP of 6. If you are in one of these regions then
+Some areas of France require that the DHCP and DHCP6 requests are made with a VLAN-PCP of 6. If you are in one of these regions then
-this can be done via the 'Option Modifiers'.
+this can be done via the 'Option Modifiers'.
-
+
-.. Note::
+.. Note::
-    The vlan-parent is the physical WAN interface - igb0, em0 etc.
+    The vlan-parent is the physical WAN interface - igb0, em0 etc.
-
+
-.. image:: images/OF_image4.png
+.. image:: images/OF_image4.png
-	:width: 100%
+	:width: 100%
-
+
-On the DHCP6 request we need to use raw options
+On the DHCP6 request we need to use raw options
-
+
-Firstly select 'Advanced' and your region needs a VLAN-PCP set it via 'Use VLAN priority'
+Firstly select 'Advanced' and your region needs a VLAN-PCP set it via 'Use VLAN priority'
-
+
-.. image:: images/OF_image5.png
+.. image:: images/OF_image5.png
-	:width: 100%
+	:width: 100%
-
+
-then add the following options in the 'Send Options' field
+then add the following options in the 'Send Options' field
-
+
-* ia-pd 0
+* ia-pd 0
-* raw-option 6 00:0b:00:11:00:17:00:18
+* raw-option 6 00:0b:00:11:00:17:00:18
-* raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:6c:69:76:65:62:6f:78:33
+* raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:6c:69:76:65:62:6f:78:33
-* raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d
+* raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d
-* raw-option 11 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX
+* raw-option 11 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX
-  (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx)
+  (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx)
-
+
-.. Note::
+.. Note::
-    The eleven leading hex 00 pairs to be prefixed to the converted userID
+    The eleven leading hex 00 pairs to be prefixed to the converted userID
-
+
-Finally set the Identity Association and Prefix interface as shown
+Finally set the Identity Association and Prefix interface as shown
-
+
-.. image:: images/OF_image6.png
+.. image:: images/OF_image6.png
-	:width: 100%
+	:width: 100%
-
+
-Click ‘Save’ and then ‘Apply’.
+Click ‘Save’ and then ‘Apply’.
-
+
-
+
-**LAN Interface**
+**LAN Interface**
------------------
+-----------------
-
+
-
+
-Select Interfaces->LAN and set IPV4 to "Static IPv4" and IPv6 Configuration Type to ‘Track
+Select Interfaces->LAN and set IPV4 to "Static IPv4" and IPv6 Configuration Type to ‘Track
-Interface’
+Interface’
-
+
-.. image:: images/OF_image7.png
+.. image:: images/OF_image7.png
-	:width: 100%
+	:width: 100%
-
+
-
+
-Finally, set the Track IPv6 Interface to WAN and set the IPv4 address to your chosen address.
+Finally, set the Track IPv6 Interface to WAN and set the IPv4 address to your chosen address.
-
+
-
+
-.. image:: images/OF_image8.png
+.. image:: images/OF_image8.png
-	:width: 100%
+	:width: 100%
-
+
-Click ‘Save’ and then ‘Apply’.
+Click ‘Save’ and then ‘Apply’.
-
+
-It is advisable at this point to reboot the system.
+It is advisable at this point to reboot the system.

source/manual/how-tos/proxyicapantivirus.rst

@@ -4,7 +4,7 @@ Setup Anti Virus Protection
 OPNsense can offer http and https protection by utilizing its highly flexible
 proxy and the industry standard ICAP. An external engine from one of the known
 vendors is used to offer maximum protection against malware, such as ransomware,
-trojans and viruses. This protection can be further enhanced by the build-in Intrusion
+trojans and viruses. This protection can be further enhanced by the built-in Intrusion
 Prevention System and Category Based Web filtering.
 
 This How To will utilize Symantec's Protection Engine, but any other vendor that

source/manual/how-tos/proxyicapantivirusinternal.rst

@@ -4,7 +4,7 @@ Setup Anti Virus Protection using OPNsense Plugins
 OPNsense can offer http and https protection by utilizing its highly flexible
 proxy and the industry standard ICAP. An external engine from one of the known
 vendors is used to offer maximum protection against malware, such as ransomware,
-trojans and viruses. This protection can be further enhanced by the build-in Intrusion
+trojans and viruses. This protection can be further enhanced by the built-in Intrusion
 Prevention System and Category Based Web filtering.
 
 This How To will use the Plugins C-ICAP and ClamAV.

source/manual/how-tos/proxytransparent.rst

@@ -151,9 +151,8 @@ certificate for each page manually, but for some pages that may not work well un
 not bumped.
 
 .. image:: images/export_CA_cert.png
-    :width: 100%
 
-Import and change trust settings on your favorite OS. Per example on OSX it looks
+Import and change trust settings on your favorite OS. For example, on macOS it looks
 like this:
 
 .. image:: images/Trust_Settings_OSX.png

source/manual/how-tos/proxywebfilter.rst

@@ -1,7 +1,7 @@
 ====================
 Setup Web Filtering
 ====================
-Category based web filtering in OPNsense is done by utilizing the build-in proxy
+Category based web filtering in OPNsense is done by utilizing the built-in proxy
 and one of the freely available or commercial blacklists.
 
 For this this How-to we will utilize the `UT1 "web categorization list" <https://dsi.ut-capitole.fr/blacklists/index_en.php>`__ from the
@@ -62,7 +62,7 @@ Press **Save Changes**.
 Step 3 - Download the Categories
 --------------------------------
 Now press Download ACL's, please note that this will take a while (can be several
-minutes) as the full list (>19MB) will be converted to squid acl's.
+minutes) as the full list (>19 MB) will be converted to squid acl's.
 
 -------------------------
 Step 4 - Setup Categories
@@ -82,7 +82,7 @@ clear the list and select the following from the drop down list:
 
 Now **Save changes** and press **Download ACLs** again to download and reconstruct
 the list with only the selected categories. This will take roughly the same amount
-of time as the first fetch as the adult alone section is ~15MB.
+of time as the first fetch as the adult alone section is ~15 MB.
 
 ---------------------
 Step 5 - Enable Proxy

source/manual/how-tos/self-signed-chain.rst

@@ -79,17 +79,17 @@ When you are done save the form, the CA is now generated.
 ====================== =================================== ========================================
 
 .. image:: images/CA.png
-   :width: 15%
+   :width: 100%
 
 .. Tip::
 
-    Use valid email addresses for your certificates always.
+    Always use valid email addresses for your certificates.
-    Bogus addresses can pose a security risk not only for certificates btw. ;-)
+    Bogus addresses can pose a security risk – and not only for certificates.
 
 The Intermediate
 ----------------
 
-Time to create the second CA which is an **intermediate CA**. This certificate will be signed
+Time to create the second CA, which is an **intermediate CA**. This certificate will be signed
 by the root CA we just created. In return it will sign the sever certificate for OPNsense.
 
 Go to **Trust/Authorities**
@@ -103,7 +103,7 @@ Have a look at the form, create an intermediate CA and save it.
 ====================== =================================== ========================================
 
 .. image:: images/CA-inter.png
-   :width: 15%
+   :width: 100%
 
 The Certificate
 ---------------
@@ -122,7 +122,7 @@ Have a look at the next form and notice the common name, create a server certifi
 ====================== =================================== ========================================
 
 .. image:: images/webgui-cert.png
-   :width: 15%
+   :width: 100%
 
 .. Tip::
 
@@ -189,7 +189,7 @@ Go to **Trust/Authorities** create a new CA for Nextcloud and save it.
 ====================== =================================== ========================================
 
 .. image:: images/CA-cloud.png
-   :width: 15%
+   :width: 100%
 
 OPNsense needs to be made aware of the Nextcloud chain we are creating.
 
@@ -231,7 +231,7 @@ Go to **Trust/Authorities** and create an intermediate CA.
 ====================== =================================== ========================================
 
 .. image:: images/CA-cloud-inter.png
-   :width: 15%
+   :width: 100%
 
 Download the intermediate CA and install it to your browser:
 
@@ -253,7 +253,7 @@ Go to **Trust/Certificates** create a server certificate.
 ====================== =================================== ========================================
 
 .. image:: images/cloud-cert.png
-   :width: 15%
+   :width: 100%
 
 We need to install this certificate and key to our Nextcloud server, two ways are shown here.
 

source/manual/how-tos/shaper.rst

@@ -17,9 +17,9 @@ In this scenario we will create a pipe dedicated for traffic going to and coming
 from our realtime application. For the sample we presume a SIP trunk or hosted
 Voice Over IP (VOIP) server.
 
-For this example we presume a requirement of 4 uncompressed voice channels of 64Kbps,
+For this example we presume a requirement of 4 uncompressed voice channels of 64 kbps,
-resulting in a total bandwidth of 256Kbps. The internet connection in this example
+resulting in a total bandwidth of 256 kbps. The internet connection in this example
-has 10Mbps Download and 1Mbps Upload.
+has 10 Mbps Download and 1 Mbps Upload.
 
 
 
@@ -69,17 +69,17 @@ Create Pipe For Upload (To our VOIP Server)
  **bandwidth**          256              *Numeric value of the desired bandwidth*
  **bandwidth Metric**   Kbit/s           *Metric to use with the numeric value*
  **mask**               (Empty)          *Used for auto queueing, empty for our sample*
- **description**        PipeUp-256Kbps   *Free field, enter something descriptive*
+ **description**        PipeUp-256kbps   *Free field, enter something descriptive*
 ====================== ================ ================================================
 
-Create Pipe For Upload (Other Traffic = 1024Kbps - 256Kbps = 768Kbps)
+Create Pipe For Upload (Other Traffic = 1024 kbps - 256 kbps = 768 kbps)
 
 ====================== ================ ================================================
  **enabled**            Checked          *Check to enable the pipe*
  **bandwidth**          768              *Numeric value of the desired bandwidth*
  **bandwidth Metric**   Kbit/s           *Metric to use with the numeric value*
  **mask**               (Empty)          *Used for auto queueing, empty for our sample*
- **description**        PipeUp-768Kbps   *Free field, enter something descriptive*
+ **description**        PipeUp-768kbps   *Free field, enter something descriptive*
 ====================== ================ ================================================
 
 Create Pipe For Download (From our VOIP Server)
@@ -89,17 +89,17 @@ Create Pipe For Download (From our VOIP Server)
  **bandwidth**          256                *Numeric value of the desired bandwidth*
  **bandwidth Metric**   Kbit/s             *Metric to use with the numeric value*
  **mask**               (Empty)            *Used for auto queueing, empty for our sample*
- **description**        PipeDown-256Kbps   *Free field, enter something descriptive*
+ **description**        PipeDown-256kbps   *Free field, enter something descriptive*
 ====================== ================== ================================================
 
-Create Pipe For Download (Other Traffic = 10240Kbps - 256Kbps = 9984Kbps )
+Create Pipe For Download (Other Traffic = 10240 kbps - 256 kbps = 9984 kbps )
 
 ====================== =================== ================================================
  **enabled**            Checked             *Check to enable the pipe*
  **bandwidth**          9984                *Numeric value of the desired bandwidth*
  **bandwidth Metric**   Kbit/s              *Metric to use with the numeric value*
  **mask**               (Empty)             *Used for auto queueing, empty for our sample*
- **description**        PipeDown-9984Kbps   *Free field, enter something descriptive*
+ **description**        PipeDown-9984kbps   *Free field, enter something descriptive*
 ====================== =================== ================================================
 
 Step 2 - Create Rules
@@ -117,7 +117,7 @@ Create a rule for traffic directed towards the VOIP Server (Upload).
  **src-port**            any              *The source port to shape, leave on any*
  **destination**        172.10.2.1        *The ip address of our VOIP server*
  **dst-port**            any              *Use any of the destination port if static*
- **target**             PipeUP-256Kbps    *Select the Upload 256Kbps Pipe*
+ **target**             PipeUP-256kbps    *Select the Upload 256 kbps Pipe*
  **description**        ShapeVOIPUpload   *Enter a descriptive name*
 ====================== ================= =====================================================
 
@@ -132,7 +132,7 @@ Create a rule for traffic coming from the VOIP Server (Download).
  **src-port**            any              *The source port to shape, leave on any*
  **destination**         any              *The destination ip to shape, leave on any*
  **dst-port**            any              *The destination port to shape, leave on any*
- **target**             PipeDown256Kbps   *Select the Download 256Kbps Pipe*
+ **target**             PipeDown256kbps   *Select the Download 256 kbps Pipe*
  **description**        ShapeVOIPDown     *Enter a descriptive name*
 ====================== ================= =====================================================
 
@@ -142,11 +142,11 @@ Create a rule for all other internet upload traffic
  **sequence**            31               *Auto generated number, overwrite only when needed*
  **interface**           WAN              *Select the interface connected to the internet*
  **proto**               ip               *Select the protocol, ip in our example*
- **source**              192.168.1.0/24   *The source ip's to shape, our LAN network*
+ **source**              192.168.1.0/24   *The source IPs to shape, our LAN network*
  **src-port**            any              *The source port to shape, leave on any*
  **destination**         any              *the destination address, leave in any*
  **dst-port**            any              *Use any of the destination port if static*
- **target**             PipeUp-768Kbps    *Select the Upload 256Kbps Pipe*
+ **target**             PipeUp-768kbps    *Select the Upload 768 kbps Pipe*
  **description**        ShapeUpload       *Enter a descriptive name*
 ====================== ================= =====================================================
 
@@ -159,9 +159,9 @@ Create a rule for all other internet download traffic
  **proto**               ip                 *Select the protocol, ip in our example*
  **source**              any                *The source ip to shape, leave on any*
  **src-port**            any                *The source port to shape, leave on any*
- **destination**         192.168.1.0/24     *The destination ip's to shape, our LAN network*
+ **destination**         192.168.1.0/24     *The destination IPs to shape, our LAN network*
  **dst-port**            any                *The destination port to shape, leave on any*
- **target**             PipeDown-9984Kbps   *Select the Download 256Kbps Pipe*
+ **target**             PipeDown-9984kbps   *Select the Download 256Kbps Pipe*
  **description**        ShapeDown           *Enter a descriptive name*
 ====================== =================== =====================================================
 
@@ -185,8 +185,8 @@ Now press |apply| to activate the traffic shaping rules.
 Share bandwidth evenly
 ----------------------
 
-For this example we presume an internet connection of 10Mbps Download and 1Mbps
+For this example we presume an internet connection of 10 Mbps Download and 1 Mbps
-Upload that we want to share evenly over all users.
+Upload that we want to share evenly between all users.
 
 .. nwdiag::
   :scale: 100%
@@ -299,7 +299,7 @@ Create a rule for traffic coming from the internet (Download).
  **src-port**            any              *The source port to shape, leave on any*
  **destination**         192.168.1.0/24   *The destination ip to shape, select LAN network*
  **dst-port**            any              *The destination port to shape, leave on any*
- **target**             QueueDown-10Mbps  *Select the Download 10Mbps Queue*
+ **target**             QueueDown-10Mbps  *Select the Download 10 Mbps Queue*
  **description**        ShapeDownload     *Enter a descriptive name*
 ====================== ================= =====================================================
 
@@ -315,7 +315,7 @@ Limit bandwidth per user
 ------------------------
 
 For this example we will divide the internet Download traffic between the connected
-users in such manner that each user will receive up to a maximum of 1Mbps.
+users in such manner that each user will receive up to a maximum of 1 Mbps.
 
 .. nwdiag::
   :scale: 100%
@@ -378,7 +378,7 @@ Create a rule for traffic coming from the internet (Download).
  **src-port**            any              *The source port to shape, leave on any*
  **destination**         192.168.1.0/24   *The destination ip to shape, select LAN network*
  **dst-port**            any              *The destination port to shape, leave on any*
- **target**             PipeDown-1Mbps   *Select the Download 256Kbps Pipe*
+ **target**             PipeDown-1Mbps   *Select the Download 1 Mbps Pipe*
  **description**        ShapeDownload     *Enter a descriptive name*
 ====================== ================= =====================================================
 
@@ -401,11 +401,11 @@ By utilizing queues we can influence the bandwidth within a pipe and give certai
 applications more bandwidth than others based on a weighted algorithm.
 
 The idea is simple:
-Let presume we have a pipe of 10Mbps and 2 applications for instance smtp (email)
+Let presume we have a pipe of 10 Mbps and 2 applications for instance smtp (email)
 and http(s). The http(s) traffic will get a weight of 1 and the smtp traffic a
 weight of 9, then when all capacity of our pipe is in use the email traffic will
-get 9x more bandwidth than our http(s) traffic, resulting in 1Mbps for http(s)
+get 9x more bandwidth than our http(s) traffic, resulting in 1 Mbps for http(s)
-and 9Mbps for smtp.
+and 9 Mbps for smtp.
 
 For our example we only look at download traffic, but the exact same can be done
 for the upload traffic.
@@ -413,10 +413,10 @@ for the upload traffic.
 +----------------+--------+-------------------+
 | Application    | Weight | Minimum Bandwidth |
 +================+========+===================+
-| SMTP (port 25) | 9      | 9Mbps             |
+| SMTP (port 25) | 9      | 9 Mbps            |
 +----------------+--------+-------------------+
 | HTTP (80)      |        |                   |
-+----------------+ 1      | 1Mbps             |
++----------------+ 1      | 1 Mbps            |
 | HTTPS (443)    |        |                   |
 +----------------+--------+-------------------+
 
@@ -428,7 +428,7 @@ On the **Pipes** tab click the **+** button in the lower right corner.
 An empty **Edit Pipe** screen will popup.
 
 
-Create Pipe For Download (10Mbps)
+Create Pipe For Download (10 Mbps)
 
 ====================== ================= ===============================================
  **enabled**            Checked          *Check to enable the pipe*
@@ -515,7 +515,7 @@ Adding an extra rule for https traffic is simple as we can use the same http que
  **description**        ShapeHTTPSDownload   *Enter a descriptive name*
 ====================== ==================== =====================================================
 
-This way http and https traffic will be treated the same (total max of 1Mbps).
+This way http and https traffic will be treated the same (total max of 1 Mbps).
 
 Now press |apply| to activate the traffic shaping rules.
 
@@ -532,11 +532,11 @@ One of the options with OPNsense's traffic shaper is its ability to add shaping
 rules based upon two interfaces. This option allows you to shape traffic
 differently based on the direction the traffic is moving between interfaces.
 
-For this example we will use this functionality to share a symmetric 10Mbps internet
+For this example we will use this functionality to share a symmetric 10 Mbps internet
 connection between a primary LAN network and a Guest Network.
 
 The LAN network will not be limited, traffic from users on our Guest Network will
-be limited to a total of 2Mbps Download and 1Mbps Upload.
+be limited to a total of 2 Mbps Download and 1 Mbps Upload.
 
 .. nwdiag::
   :scale: 100%
@@ -636,7 +636,7 @@ Create a rule for the upload traffic
  **sequence**            21                 *Auto generated number, overwrite only when needed*
  **interface**           WAN                *Select the interface that matches your GuestNet*
  **interface2**          GuestNet           *Select the interface connected to the internet*
- **proto**               ip                 *Select the protocol, ip in our example*
+ **proto**               ip                 *Select the protocol, IP in our example*
  **source**              any                *The source address, leave on any*
  **src-port**            any                *The source port to shape, leave on any*
  **destination**         any                *The destination ip to shape, leave on any*

source/manual/how-tos/sslvpn_s2s.rst

@@ -265,7 +265,7 @@ For our configuration we only use one server accessible on UDP port 1194.
 
 Next we also need to allow traffic from the VPN client network (192.168.2.0/24).
 For our example we will allow client to access anything on our local network(s),
-however you may decide just to allow traffic to one or more IP's.
+however you may decide just to allow traffic to one or more IPs.
 
 .. image:: images/sslvpn_openvpn_rule.png
     :width: 100%

source/manual/how-tos/transparent_bridge.rst

@@ -107,7 +107,7 @@ and fill-in the ip/netmask.
 5. Disable Block private networks & bogon
 -----------------------------------------
 
-For the WAN interface we nee to disable blocking of private networks & bogus ip's.
+For the WAN interface we nee to disable blocking of private networks & bogus IPs.
 
 Goto **Interfaces** -> **WAN** and unselect **Block private networks**
 and **Block bogon networks**.

source/manual/how-tos/user-ldap.rst

@@ -88,7 +88,6 @@ to import the users into the local user manager. Go to **System->Access->Users**
 you will see a cloud import icon at the lower right corner of the form.
 
 .. image:: images/user_cloudimport.png
-   :width: 100%
 
 Click on the cloud import icon to start importing users.
 

source/manual/install.rst

@@ -87,7 +87,7 @@ Depending on you hardware and use case different installation media are provided
 |        | | running in serial console (115200) mode with      |
 |        | | secondary VGA support (no kernel messages though) |
 +--------+-----------------------------------------------------+
-| nano   | | a preinstalled serial image for 4GB USB sticks,   |
+| nano   | | a preinstalled serial image for 4 GB USB sticks,  |
 |        | | SD or CF cards for use with embedded devices      |
 +--------+-----------------------------------------------------+
 
@@ -104,7 +104,6 @@ Depending on you hardware and use case different installation media are provided
 Media Filename Composition
 ------------------------------
 .. blockdiag::
-  :scale: 100%
 
    diagram {
      default_shape = roundedbox;
@@ -182,7 +181,7 @@ your target platform has a serial interface choose the "serial image.
 64-bit and 32-bit install images are provided. The following examples
 apply to both.
 
-Write the image to a USB flash drive (>= 1GB) or an IDE hard disk,
+Write the image to a USB flash drive (>=1 GB) or an IDE hard disk,
 either with dd under FreeBSD or under Windows with physdiskwrite
 
 Before writing an (iso) image you need to unpack it first (use bunzip2).

source/manual/netflow.rst

@@ -16,7 +16,7 @@ ip and port number.
 OPNsense offers full support for exporting Netflow data to external collectors as
 well as a comprehensive Analyzer for on-the-box analysis and live monitoring.
 
-OPNsense is the only open source solution with a build-in Netflow analyzer integrated
+OPNsense is the only open source solution with a built-in Netflow analyzer integrated
 into it's Graphical User Interface.
 
 ------------------

source/manual/proxy.rst

@@ -25,7 +25,7 @@ Features include:
 --------------
 Authenticators
 --------------
-User authentication can be done using OPNsense standard and build-in authenticators.
+User authentication can be done using OPNsense standard and built-in authenticators.
 Currently these include:
 
 * LDAP (incl. Microsoft Active Directory)
@@ -61,13 +61,13 @@ shaping features.Additionally it includes its own options:
 -------------------------
 Category Based Web Filter
 -------------------------
-No need for additional plugins, such as squidGuard - as OPNsense has build-in
+No need for additional plugins, such as squidGuard - as OPNsense has built-in
 category based web filter support. Main features include:
 
 * Fetch from a remote URL
 * Supports flat file list and category based compressed lists
 * Automatically convert category based blacklists to squid ACL's
-* Keep up to date with the build-in scheduler
+* Keep up to date with the built-in scheduler
 * Compatible with most popular blacklist
 
 ----------------

source/manual/virtuals.rst

@@ -13,7 +13,7 @@ General tips
 For optimum performance and compatibility, these guides are given:
 
 * Minimum required RAM is 1 GB
-* Minimum recommended virtual disk size of 8GB
+* Minimum recommended virtual disk size of 8 GB
 * Disable all off-loading settings in **Interfaces->Settings**
 
 .. image:: images/disableoffloading.png
@@ -109,7 +109,7 @@ article first.
 File copy failed during installation
 ------------------------------------
 This issue is most likely caused by low memory setting. Make sure your virtual
-OPNsense installation has a minimum of 1GB of RAM.
+OPNsense installation has a minimum of 1 GB of RAM.
 
 ------------------
 

source/manual/vpnet.rst

@@ -29,7 +29,6 @@ well known IPsec as well as older (now considered insecure) legacy options such
 L2TP and PPTP.
 
 .. image:: images/vpn.png
-    :width: 100%
 
 .. Note::