scale vs wodth for images...

6 years ago · 52aa7c2b06
parent 896f94e78c
commit 52aa7c2b06
43 changed files with 268 additions and 273 deletions
--- a/source/manual/aliases.rst
+++ b/source/manual/aliases.rst
@ -36,13 +36,13 @@ Sample
  Lets say we want to create an alias table for **www.youtube.com**
  .. image:: images/aliases_host.png
-      :scale: 100%
+      :width: 100%
 **Apply changes** and look at the content of our newly created pf table.
 Go to **Firewall->Diagnostics->pfTables** and select our newly created youtube table.
 .. image:: images/pftable_youtube.png
-    :scale: 100%
+    :width: 100%
 As you can see there are multiple ip addresses for this domain.
@ -73,12 +73,12 @@ GeoIP
 -----
 With GeoIP alias you can select one or more countries or whole continents to block
 or allow. Use the *toggle all* checkbox to select all countries within the given
-region. 
+region.
 This feature was reworked with 17.7.7 and supersedes the GeoIP blocking via IPS.
  .. image:: images/firewall_geoip_alias.png
-      :scale: 100%
+      :width: 100%
 --------------
 Import Feature
@ -131,12 +131,12 @@ the ipsec server for a site to site tunnel connection:
 * 192.168.300.3
 .. image:: images/alias_remote_ipsec.png
-    :scale: 100%
+    :width: 100%
 We call our list remote_ipsec and update our firewall rules accordingly.
 .. image:: images/alias_firewall_rules.png
-    :scale: 100%
+    :width: 100%
 Notice the list icon to identify a rule with an alias (list).
--- a/source/manual/antivirus.rst
+++ b/source/manual/antivirus.rst
@ -3,7 +3,7 @@
 ===================
 .. image:: images/eye_on_virus_new.jpg
-    :scale: 100%
+    :width: 100%
 **OPNsense** offers the industry standard ICAP to protect http and https
 connections against ransomware, trojans, viruses and other malware .
--- a/source/manual/captiveportal.rst
+++ b/source/manual/captiveportal.rst
@ -7,7 +7,7 @@ but is also widely used in corporate networks for an additional layer of securit
 on wireless or Internet access.
 .. image:: images/hotspot_login.png
-    :scale: 100%
+    :width: 100%
 --------------------
 Typical Applications
@ -27,7 +27,7 @@ task. At the same time it offers additional functionalities, such as:
 * Custom Splash page
 .. image:: images/captiveportal_template_folder.png
-    :scale: 100%
+    :width: 100%
 ---------------
 Zone Management
--- a/source/manual/gui.rst
+++ b/source/manual/gui.rst
@ -21,7 +21,7 @@ GUI Layout & Main Components
 The GUI consists out of the following main components:
 .. image:: images/gui_layout.png
-  :scale: 100%
+  :width: 100%
 Logo & Link to Lobby
--- a/source/manual/hacarp.rst
+++ b/source/manual/hacarp.rst
@ -11,7 +11,7 @@ with automatic and seamless fail-over. While switching to the backup network
 connections will stay active with minimal interruption for the users.
 .. image:: images/light_bulbs.png
-    :scale: 100%
+    :width: 100%
 ------------------
 Automatic failover
--- a/source/manual/how-tos/IPv6_ZenUK.rst
+++ b/source/manual/how-tos/IPv6_ZenUK.rst
@ -27,14 +27,14 @@ connection, for IPv6 using DHCP, select DHCPv6 in the IPv6 connection as
 shown below.
 .. image:: images/ZenUK_image1.png
-	:scale: 100%
+	:width: 100%
 The next step is to configure the parameters required for DHCPv6, these
 are located in the DHCPv6 client configuration section of the WAN
 interface shown below.
 .. image:: images/ZenUK_image2.png
-	:scale: 100%
+	:width: 100%
 As stated before, Zen provide a /48 prefix, so select the prefix size
 accordingly. We directly send the solicit as in this case we do not wish
@ -59,14 +59,14 @@ Select Interfaces->LAN and set the IPv6 Configuration Type to ‘Track
 Interface’
 .. image:: images/ZenUK_image3.png
-	:scale: 100%
+	:width: 100%
 Finally, set the Track IPv6 Interface to WAN, unless there is a special
 requirement which this document does not cover, set the IPv6 Prefix ID
 to 0.
 .. image:: images/ZenUK_image4.png
-	:scale: 100%
+	:width: 100%
 Click ‘Save’ and then ‘Apply’.
@ -107,7 +107,7 @@ Set up the gateway like this:
 .. image:: images/ZenUK_image5.png
-	:scale: 100%
+	:width: 100%
 Click Save.
@ -119,7 +119,7 @@ Select Interfaces->WAN.
 Go to IPv6 Configuration Type and Select Static IPv6.
 .. image:: images/ZenUK_image6.png
-	:scale: 100%
+	:width: 100%
 Go to Static IPv6 Configuration and set the IPv6 Static address:
@ -127,7 +127,7 @@ Go to Static IPv6 Configuration and set the IPv6 Static address:
 DHCPv6.**
 .. image:: images/ZenUK_image7.png
-	:scale: 100%
+	:width: 100%
 Select Use IPv4 connectivity, all IPv6 traffic goes via the PPPoE link.
@ -135,7 +135,7 @@ Finally, select the IPv6 Upstream Gateway, this is the gateway you
 created earlier.
 .. image:: images/ZenUK_image8.png
-	:scale: 100%
+	:width: 100%
 Click Save and Apply.
@ -146,7 +146,7 @@ The LAN interface is very simple to set up, all we need to do is set the
 IPv6 Configuration Type to Static, and enter our static address.
 .. image:: images/ZenUK_image9.png
-	:scale: 100%
+	:width: 100%
 Zen give us a /48 prefix to use on the LAN, so pick an address from that
 range. For example our prefix is:
@ -158,7 +158,7 @@ So
 2a02:8242:55AB:0:4:3:2:1 would suffice.
 .. image:: images/ZenUK_image10.png
-	:scale: 100%
+	:width: 100%
 We want to use a /64 prefix on this interface.
@ -177,7 +177,7 @@ Services->DHCPv6[LAN]
 Firstly, enable the server.
 .. image:: images/ZenUK_image11.png
-	:scale: 100%
+	:width: 100%
 You will notice that the subnet already has a range, and the subnet mask
 is the /64 we set on the LAN. There is also a range we must use, the
@ -192,7 +192,7 @@ Enter the upper – end range that the server will use.
 2a02:8231:d256::eeee:ffff:ffff:ffff
 .. image:: images/ZenUK_image12.png
-	:scale: 100%
+	:width: 100%
 This should cover most LAN subnets, the range given here gives
 281,474.976.710,655 addresses.
@ -204,7 +204,7 @@ example we will only be giving out 64 bit prefixes. We know we have been
 given a /48 prefix by Zen, so we enter our prefix range like this:
 .. image:: images/ZenUK_image13.png
-	:scale: 100%
+	:width: 100%
 Our prefix range is the upper 48 bits, plus some of the next 16 bits,
 but we must not cross into the range we have used for our LAN addresses.
--- a/source/manual/how-tos/SkyUK.rst
+++ b/source/manual/how-tos/SkyUK.rst
@ -17,19 +17,19 @@ in the modem itself.
 Set both IPv4 and IPv6 configuration type to DHCP and DHCPv6 respectively.
 .. image:: images/skyuk_wan_1.png
-	:scale: 100%
+	:width: 100%
 **Option61 - dhcp-client-identifier**
 -------------------------------------
 We now need to send the Sky login credentials. When using VDSL we do not
 need to use specific credentials, as long as they are correctly formatted
-anything will do.     
+anything will do.
 Under DHCP Client Configuration select the Advanced button.
 .. image:: images/skyuk_lan_2.png
-	:scale: 100%
+	:width: 100%
 There is an entry 'Send Options', enter the UserID & Password here in the
 format:
@ -52,13 +52,13 @@ So the full entry for the 'Lease Requirements' Send Options would be:
 *dhcp-client-identifier "12345678@skydsl|12345678",dhcp-class-identifier "7.16a4N_UNI|PCBAFAST2504Nv1.0"*
-    
+
 The next step is to configure the parameters required for DHCPv6, these
 are located in the DHCPv6 client configuration section of the WAN
 interface shown below.
 .. image:: images/skyuk_wan_2.png
-	:scale: 100%
+	:width: 100%
 Sky provide a /56 IPv6 delegation, they do not provide a global IPv6 address
 on the WAN interface, this is link local only. The setting of the option
@ -81,12 +81,12 @@ again would probably result in a new prefix being given, therefore an option
 to enter and store a DUID is given in the Interface:Settings menu.
 .. image:: images/skyuk_wan_3.png
-	:scale: 100%
+	:width: 100%
 The Identifier can either be entered manually or if the user clicks on the 'i'
 icon, the existing DUID can be automatically entered into the field by clicking
-on the 'Insert the existing DUID here' legend. 
+on the 'Insert the existing DUID here' legend.
-    
+
 Click ‘Save’.
 **LAN Interface**
@ -97,17 +97,17 @@ Interfaces:[LAN] menu.
 It is my recommendation not to use the private subnet range 192.168.*.0, as
 this range is often used by hotels and other public networks for access, this
-can cause issues when using a VPN. My preferred address method is using the 
+can cause issues when using a VPN. My preferred address method is using the
 10.*.*.0 subnet where the second and third quartet are birth dates or some
 other easily memorable number. i.e. 10.1.11.0 would be the first of November.
 This is more random and the chances of the same range on a public network is
 greatly reduced, however the address range is easily memorable.
 .. image:: images/ZenUK_image3.png
-	:scale: 100%
+	:width: 100%
-    
+
 .. image:: images/skyuk_lan_1.png
-	:scale: 100%
+	:width: 100%
 Once the LAN IPv4 address is set then all that remains in the LAN interface
 is to set the interface to use the assigned IPv6 prefix.
@ -117,7 +117,7 @@ requirement which this document does not cover, set the IPv6 Prefix ID
 to 0.
 .. image:: images/ZenUK_image4.png
-	:scale: 100%
+	:width: 100%
 Click ‘Save’ and then ‘Apply’.
@ -125,4 +125,3 @@ Setting up the IPv4 DHCP server is not covered in this document, but is
 required.
 It is advisable at this point to reboot the system.
--- a/source/manual/how-tos/cachingproxy.rst
+++ b/source/manual/how-tos/cachingproxy.rst
@ -3,7 +3,7 @@ Setup Caching Proxy
 ===================
 .. image:: images/proxy_basics.png
-    :scale: 100%
+    :width: 100%
 ----------------
 Enable / Disable
@ -36,7 +36,7 @@ To enable caching click on the arrow next to the **General Proxy Settings** to
 see the dropdown menu and click on **Local Cache Settings**.
 .. image:: images/proxy_cache.png
-    :scale: 100%
+    :width: 100%
 Check the **Enable local cache** and click **Apply**.
@ -137,7 +137,7 @@ Fill in:
 Looks like (screenshots of version 16.1.4):
 .. image:: images/proxy_blacklist.png
-    :scale: 100%
+    :width: 100%
 **Save changes**
@ -177,7 +177,7 @@ And one more rule to block HTTPS access:
 **Save** & **Apply changes**
 .. image:: images/proxy_firewall.png
-    :scale: 100%
+    :width: 100%
 -------------------------
 Configure Browser/Firefox
@ -186,7 +186,7 @@ To configure you browser for use with the proxy, just go to your network setting
 and configure a proxy like this in firefox:
 .. image:: images/proxy_firefox.png
-    :scale: 100%
+    :width: 100%
 For a set-for-step guide on full category based web filtering see :doc:`proxywebfilter`.
--- a/source/manual/how-tos/carp.rst
+++ b/source/manual/how-tos/carp.rst
@ -15,7 +15,7 @@ will be used for the internal network and 172.8.0.0/24 will be used to
 route our traffic to the internet.
 .. image:: ./images/900px-Carp_setup_example.png
-  :scale: 100%
+  :width: 100%
 When using CARP ( `FreeBSD handbook on CARP <https://www.freebsd.org/doc/handbook/carp.html>`__ ), all
 fail-safe interfaces should have a dedicated ip address which will be
--- a/source/manual/how-tos/cellular.rst
+++ b/source/manual/how-tos/cellular.rst
@ -40,11 +40,11 @@ If you need to enter a PIN number then click on **Advanced Options**
 Click **Save** to apply the settings.
 .. image:: images/4g_configure_ppp.png
-   :scale: 100%
+   :width: 100%
 .. image:: images/ppp_celular_configured.png
-   :scale: 100%
+   :width: 100%
 ---------------------------------
 Step 2 - Assign the WAN interface
@ -60,7 +60,7 @@ If everything went fine then your are all setup and the default gateway will be
 the one of you cellular connection.
 .. image:: images/Interface_assignment_4g.png
-   :scale: 100%
+   :width: 100%
 -------------------------
 Step 3 - Trouble shooting
--- a/source/manual/how-tos/cloud_backup.rst
+++ b/source/manual/how-tos/cloud_backup.rst
@ -101,7 +101,7 @@ Now we can put it all together, login to your OPNsense firewall and go
 to the backup feature (default : https://192.168.1.1/diag_backup.php )
 .. image:: ./images/600px-Google_Drive_Backup_screenshot.png
-  :scale: 100%
+  :width: 100%
 On the bottom of the page are the options for the Google Drive backup,
 enable the feature and fill in the parameters. Email address is acquired
--- a/source/manual/how-tos/edrop.rst
+++ b/source/manual/how-tos/edrop.rst
@ -53,7 +53,7 @@ Set the update frequency to 1 for each day.
 Press **Save** and then **Apply changes**.
 .. image:: images/spamhaus_drop_edrop.png
-    :scale: 100%
+    :width: 100%
 ---------------------------------------
 Step 2 - Firewall Rules Inbound Traffic
@ -87,7 +87,7 @@ Enter the following configuration and leave all other parameters on default valu
 =================== =============== =============================================
 .. image:: images/spamhaus_wan_rules.png
-    :scale: 100%
+    :width: 100%
 **Save**
@ -123,7 +123,7 @@ lower right corner.
 **Save** and **Apply changes**
 .. image:: images/spamhaus_lan.png
-    :scale: 100%
+    :width: 100%
 **DONE**
@ -134,4 +134,4 @@ To list the ip addresses that are currently in the DROP and EDROP lists go to
 **Firewall->Diagnostics->pfTables** and select the list you want to see:
 .. image:: images/spamhaus_pftable.png
-    :scale: 100%
+    :width: 100%
--- a/source/manual/how-tos/fwcategory.rst
+++ b/source/manual/how-tos/fwcategory.rst
@ -16,7 +16,7 @@ Then just add you category, if this is the first rule with a category no selecti
 options will be visible.
 .. image:: images/Rule_Category.png
-    :scale: 100%
+    :width: 100%
 ---------------------------------
 Firewall Rules Filter by category
@ -27,7 +27,7 @@ becomes visible at the bottom of the table.
 If you click it is will look like this:
 .. image:: images/Filter_by_Category.png
-    :scale: 100%
+    :width: 100%
 If you have a large number of categories, then just start typing and in search
 box to make a quick selection.
@ -38,7 +38,7 @@ Before Selection
 Take a look at this simple rule set before selecting our "My IP's" category.
 .. image:: images/Rules_Full.png
-    :scale: 100%
+    :width: 100%
 --------------------
 And after selection
@ -46,7 +46,7 @@ Take a look at this simple rule set before selecting our "My IP's" category.
 Now when selecting our  test category it will look like this:
 .. image:: images/Filter_Category_Result.png
-    :scale: 100%
+    :width: 100%
 That is all there is to it to organize your rules without messing anything up.
@ -59,4 +59,4 @@ This features makes it possible to select rules from more than one category.
 Example:
 .. image:: images/fw_category_multiselect.png
-    :scale: 100%
+    :width: 100%
--- a/source/manual/how-tos/guestnet.rst
+++ b/source/manual/how-tos/guestnet.rst
@ -6,7 +6,7 @@ Guest Networks are widely used to allow guests controlled internet access at
 hotels, RV Parks or businesses.
 .. image:: images/opnsense_hotspot_controller.png
-    :scale: 100%
+    :width: 100%
 .. Note::
    For the example we expect the GUESTNET interface to be connected with your
@ -190,7 +190,7 @@ Click **Save** and then **Apply changes**
 Your rules should look similar to the screenshot below:
 .. image:: images/guestnet_fwrules.png
-    :scale: 100%
+    :width: 100%
 ------------------------------
@ -232,13 +232,13 @@ Lets create a custom landing page, to do so click on the tab **Templates** and
 click on the download icon in the lower right corner ( |download| ).
 .. image:: images/template_download.png
-    :scale: 100%
+    :width: 100%
 Now download the default template, we will use this to create our own.
 Unpack the template zip file, you should have something similar to this:
 .. image:: images/template_filelisting.png
-    :scale: 100%
+    :width: 100%
 Most files of the template can be modified, but some are default and may not be
 changes. Upon upload any changes to the files listed in **exclude.list** will be
@ -247,7 +247,7 @@ ignored. Currently these include the bootstrap java scripting and some fonts.
 With the captive portal enabled the default screen looks like:
 .. image:: images/default_login_no_authenticator.png
-    :scale: 100%
+    :width: 100%
 Lets change this default with a new logo and a welcome message, to this:
@ -305,10 +305,10 @@ Enter a **Template Name**, for this example we use **Company**.
 Hit Upload ( |upload| )
 .. |download| image:: images/btn_download.png
-      :scale: 100%
+      :width: 100%
 .. |upload| image:: images/btn_upload.png
-      :scale: 100%
+      :width: 100%
 To enable the captive portal on the GUESTNET interface just click on **Apply**.
@ -393,7 +393,7 @@ After testing your result should be similar to this (if your internet connection
 has sufficient bandwidth).
 .. image:: images/cp-traffic-shaping.png
-    :scale: 100%
+    :width: 100%
 .. Note::
    Keep in mind we have only one connected client in this test, so all reserved
@ -431,7 +431,7 @@ Click on **Create Vouchers** in the lower right corner of the form.
 Lets create 1 Day vouchers for our guests:
 .. image:: images/create_vouchers.png
-    :scale: 100%
+    :width: 100%
 Enter the Validity (1 day), the number of Vouchers and a Groupname (Wifi day pass f.i.).
@ -474,7 +474,7 @@ the cvs data with word, open office or any other dtp/text editor.
 Create something like this:
 .. image:: images/cp_royalhotel_voucher.png
-    :scale: 100%
+    :width: 100%
 You can select a database to and remove it entirely. This way you can
 create a voucher database for the arrival date of guest per guest group
@ -501,7 +501,7 @@ When done click **Save changes** and the **Apply** to apply the new settings.
 Now users will see the login form as part of your template:
 .. image:: images/cp_voucher_login.png
-    :scale: 100%
+    :width: 100%
 --------------
 Check Sessions
@ -510,7 +510,7 @@ To check the active sessions go to **Services->Captive Portal->Sessions**
 Our current session looks like this:
 .. image:: images/cp_active_sessions.png
-    :scale: 100%
+    :width: 100%
 You can drop an active session by clicking on the trashcan.
@ -527,7 +527,7 @@ page of the captive portal (**Services->Captive Protal->Vouchers**) and select
 the correct database (Wifi day pass in our example).
 .. image:: images/cp_active_vouchers.png
-    :scale: 100%
+    :width: 100%
 .. Note::
    The state valid means it is activated but still valid.
@ -583,7 +583,7 @@ like this (shown with a bit of context):
      window.open("session_popup.html","Session Status & Logout","width=400, height=400");
 .. image:: images/captiveportal_popup.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
 Advanced - CLI Session Status
@ -601,4 +601,4 @@ Type the following on the cli prompt to do so (for zone id 0):
 The output will be something similar to this:
 .. image:: images/cli_list_captiveportalsessions.png
-    :scale: 100%
+    :width: 100%
--- a/source/manual/how-tos/insight.rst
+++ b/source/manual/how-tos/insight.rst
@ -12,7 +12,7 @@ Insight is a fully integrated part of OPNsense. Its User Interface is simple yet
 powerful.
 .. image:: images/insight_gui.png
-   :scale: 100%
+   :width: 100%
 Insight offers a full set of analysis tools, ranging from a graphical overview to
@ -40,17 +40,17 @@ to compare usage with different interfaces.
 **Stacked**
 .. image:: images/stacked_view.png
-   :scale: 100%
+   :width: 100%
 **Stream**
 .. image:: images/stream_view.png
-   :scale: 100%
+   :width: 100%
 **Expanded**
 .. image:: images/expanded_view.png
-   :scale: 100%
+   :width: 100%
 Interfaces
 ----------
@ -74,10 +74,10 @@ view by clicking or double clicking on one of the shown port names/numbers.
 Clicking on a piece of the pie will open a detailed view for further analysis.
 .. image:: images/pie_piece.png
-   :scale: 100%
+   :width: 100%
 .. image:: images/pie_details.png
-   :scale: 100%
+   :width: 100%
 IP Addresses Pie Chart
@ -103,14 +103,14 @@ click on the tab **Details**.
 When opening the details view by clicking on the tab one can make a new query.
 .. image:: images/insight_details_view.png
-   :scale: 100%
+   :width: 100%
 After selecting a valid date range (form/to) and interface one can further limit
 the output by filtering on port or ip address. Select the refresh icon to update
 the detailed output. Leave Port and Address empty for a full detailed listing.
 .. image:: images/insight_full_details.png
-   :scale: 100%
+   :width: 100%
 -----------
@ -120,7 +120,7 @@ The **Export** view allows you to export the data for further analysis in your f
 spreadsheet or other data analysis application.
 .. image:: images/insight_export_view.png
-   :scale: 100%
+   :width: 100%
 To export data, select a **Collection** :
@ -134,4 +134,4 @@ Select the **Resolution** in seconds (300,3600,86400)
 Then select a date range (from/to) and click the **export** button.
 .. image:: images/insight_export.png
-   :scale: 100%
+   :width: 100%
--- a/source/manual/how-tos/installaws.rst
+++ b/source/manual/how-tos/installaws.rst
@ -2,7 +2,7 @@
 Installing OPNsense AWS image
 =============================
 .. image:: images/amazon-web-services.png
-    :scale: 100%
+    :width: 100%
 To apply for access to the OPNsense Amazon AWS EC2 cloud image, you need:
@ -24,7 +24,7 @@ Step 2 - Select Type
 Choose an instance type
 .. image:: images/aws_launch_new_image.png
-    :scale: 100%
+    :width: 100%
 ---------------------------------
 Step 3 - Configure security group
@ -32,7 +32,7 @@ Step 3 - Configure security group
 To configure security group, make sure you allow https access from your own network.
 .. image:: images/aws_configure_security_group.png
-    :scale: 100%
+    :width: 100%
 -------------------------
@ -40,7 +40,7 @@ Step 4 - Configure a disk
 -------------------------
 .. image:: images/aws_choose_disc.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
@ -48,7 +48,7 @@ Step 5 - Review your settings
 -----------------------------
 .. image:: images/aws_review_settings.png
-    :scale: 100%
+    :width: 100%
 --------------------
 Step 6 - SSH keypair
@ -56,14 +56,14 @@ Step 6 - SSH keypair
 Select ssh keypair or skip, the ssh key isn’t used for OPNsense, ssh is disabled by default.
 .. image:: images/aws_ssh_keypair.png
-    :scale: 100%
+    :width: 100%
 ---------------------------
 Step 7 - Review status page
 ---------------------------
 .. image:: images/aws_status.png
-    :scale: 100%
+    :width: 100%
 ----------------------
 Step 8 - AWS instances
@ -71,7 +71,7 @@ Step 8 - AWS instances
 Go to your AWS instances
 .. image:: images/aws_instances.png
-    :scale: 100%
+    :width: 100%
 Select the image, go to “image settings” then “get system log” to obtain the
 initial password
@ -82,14 +82,14 @@ Step 9 - Initial root password
 Copy your initial root password (line ** set initial….)
 .. image:: images/aws_capture_initial_password.png
-    :scale: 100%
+    :width: 100%
 --------------------------------
 Step 10 - Search current address
 --------------------------------
 .. image:: images/aws_search_current_ip.png
-    :scale: 100%
+    :width: 100%
 Login to OPNsense using the address provided.
--- a/source/manual/how-tos/ips-feodo.rst
+++ b/source/manual/how-tos/ips-feodo.rst
@ -17,7 +17,7 @@ Prerequisites
  **System->Firmware: Fetch updates**
 .. image:: images/firmware.png
-    :scale: 100%
+    :width: 100%
 * Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
  logging (>10GB advisable).
@ -26,7 +26,7 @@ Prerequisites
  Under **Interface-Settings**
 .. image:: images/disable_offloading.png
-    :scale: 100%
+    :width: 100%
 .. warning::
@ -48,7 +48,7 @@ detection system too run on. For our example we will use the WAN interface, as
 that will most likely be you connection with the public Internet.
 ..  image:: images/idps.png
-    :scale: 100%
+    :width: 100%
 -------------------
 Apply configuration
@ -57,7 +57,7 @@ First apply the configuration by pressing the **Apply** button at the bottom of
 the form.
 .. image:: images/applybtn.png
-    :scale: 100%
+    :width: 100%
 ---------------
 Fetch Rule sets
@ -66,12 +66,12 @@ For this example we will only fetch the abuse.ch SSL & Dodo Tracker rulesets.
 To do so: select Enabled after each one.
 .. image:: images/rulesets_enable.png
-    :scale: 100%
+    :width: 100%
 To download the rule sets press **Download & Update Rules**.
 .. image:: images/downloadbtn.png
-    :scale: 100%
+    :width: 100%
 -----------------------
 Change default behavior
@ -80,12 +80,12 @@ Now click on the info button   right after each rule and change Input Filter
 from none to drop actions.
 .. image:: images/changefilter.png
-    :scale: 100%
+    :width: 100%
 When done it should like this:
 .. image:: images/rulesdrop.png
-    :scale: 100%
+    :width: 100%
 ------------------------
 Apply fraud drop actions
@ -93,7 +93,7 @@ Apply fraud drop actions
 Now press **Download & Update Rules** again to change the behavior to drop.
 .. image:: images/downloadbtn.png
-    :scale: 100%
+    :width: 100%
 ---------------
 Keep up to date
@ -103,7 +103,7 @@ Now schedule a regular fetch to keep your server up to date.
 Click on schedule, a popup window will appear:
 .. image:: images/schedule.png
-    :scale: 100%
+    :width: 100%
 Select **enabled** and choose a time. For the example it is set to each day at 11:12.
 Select **Save changes** and wait until you have returned to the IDS screen.
@ -122,4 +122,4 @@ Currently there is no test service available to check your block rules against,
 however here is a sample of an actual alert that has been blocked:
 .. image:: images/alerts.jpg
-    :scale: 100%
+    :width: 100%
--- a/source/manual/how-tos/ips-geoip.rst
+++ b/source/manual/how-tos/ips-geoip.rst
@ -14,7 +14,7 @@ Prerequisites
  **System->Firmware: Fetch updates**
 .. image:: images/firmware.png
-    :scale: 100%
+    :width: 100%
 * Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
  logging (>10GB advisable).
@ -23,7 +23,7 @@ Prerequisites
  Under **Interface-Settings**
 .. image:: images/disable_offloading.png
-    :scale: 100%
+    :width: 100%
 .. warning::
@ -51,7 +51,7 @@ Select |add| to add a new rule.
 Select Country:
 .. image:: images/ips_rule_add_geoip.png
-    :scale: 100%
+    :width: 100%
 We selected **Netherlands(not)** as this server needs to be accessible within
 The Netherlands, this will drop all other traffic in both directions.
@ -59,12 +59,12 @@ The Netherlands, this will drop all other traffic in both directions.
 Select the Action (Alert or Drop):
 .. image:: images/ips_action.png
-    :scale: 100%
+    :width: 100%
 Add a description:
 .. image:: images/ips_description_country.png
-    :scale: 100%
+    :width: 100%
 And click **Save changes** |save|
@ -79,7 +79,7 @@ detection system too run on. For our example we will use the WAN interface, as
 that will most likely be you connection with the public Internet.
 ..  image:: images/idps.png
-    :scale: 100%
+    :width: 100%
 -------------------
 Apply configuration
@ -87,13 +87,13 @@ Apply configuration
 If this is the first GeoIP rule you add then you need to **Download & Update Rules**
 .. image:: images/downloadbtn.png
-    :scale: 100%
+    :width: 100%
 Then apply the configuration by pressing the **Apply** button at the bottom of
 the form.
 .. image:: images/applybtn.png
-    :scale: 100%
+    :width: 100%
 ------------
@ -102,7 +102,7 @@ Sample Alert
 See a sample of an alert message below.
 .. image:: images/ips_geoip_alert.png
-    :scale: 100%
+    :width: 100%
 .. |save| image:: images/ips_save.png
--- a/source/manual/how-tos/ips-sslfingerprint.rst
+++ b/source/manual/how-tos/ips-sslfingerprint.rst
@ -13,7 +13,7 @@ Prerequisites
  **System->Firmware: Fetch updates**
 .. image:: images/firmware.png
-    :scale: 100%
+    :width: 100%
 * Minimum Advisable Memory is 2 Gigabyte and sufficient free disk space for
  logging (>10GB advisable).
@ -22,7 +22,7 @@ Prerequisites
  Under **Interface-Settings**
 .. image:: images/disable_offloading.png
-    :scale: 100%
+    :width: 100%
 .. warning::
@ -58,13 +58,13 @@ next to the address : |lock|.
 Now you will see something similar to:
 .. image:: images/facebook_click.png
-    :scale: 100%
+    :width: 100%
 Click on the arrow ( **>** ) and then Select **More Information**
 Now open the certificate details and you will see something that looks like this:
 .. image:: images/certificate.png
-    :scale: 100%
+    :width: 100%
 Copy the SHA1 certificate fingerprint (A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9).
@ -72,17 +72,17 @@ Copy the SHA1 certificate fingerprint (A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33
 Paste this into the new rule:
 .. image:: images/ips_rule_details.png
-    :scale: 100%
+    :width: 100%
 Select the Action (Alert or Drop):
 .. image:: images/ips_action.png
-    :scale: 100%
+    :width: 100%
 Add a description:
 .. image:: images/ips_description.png
-    :scale: 100%
+    :width: 100%
 And click **Save changes** |save|
@ -97,7 +97,7 @@ detection system too run on. For our example we will use the WAN interface, as
 that will most likely be you connection with the public Internet.
 ..  image:: images/idps.png
-    :scale: 100%
+    :width: 100%
 -------------------
 Apply configuration
@ -106,7 +106,7 @@ First apply the configuration by pressing the **Apply** button at the bottom of
 the form.
 .. image:: images/applybtn.png
-    :scale: 100%
+    :width: 100%
 ----------------------------
 Clear Browser Cache and test
@ -115,7 +115,7 @@ Since your browser has cached the ssl certificate you will need to clear your
 cache first. After that you can test and will see the following in **Alerts**:
 .. image:: images/ips_facebook_alert.png
-    :scale: 100%
+    :width: 100%
 .. Note::
--- a/source/manual/how-tos/ipsec-road.rst
+++ b/source/manual/how-tos/ipsec-road.rst
@ -83,13 +83,13 @@ To allow IPsec Tunnel Connections, the following should be allowed on WAN.
 * UDP Traffic on Port 4500 (NAT-T)
 .. image:: images/ipsec_wan_rules.png
-    :scale: 100%
+    :width: 100%
 To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
 interface.
 .. image:: images/ipsec_ipsec_lan_rule.png
-    :scale: 100%
+    :width: 100%
 -----------------------
 Step 1 - Mobile Clients
@ -163,12 +163,12 @@ Advanced Options
 Save your setting by pressing:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 Now you should see the following screen:
 .. image:: images/ipsec_road_vpn_p1a.png
-    :scale: 100%
+    :width: 100%
 -------------------------------
@ -177,12 +177,12 @@ Step 3 - Phase 2 Mobile Clients
 Press the button that says '+ Show 0 Phase-2 entries'
 .. image:: images/ipsec_s2s_vpn_p1a_show_p2.png
-    :scale: 100%
+    :width: 100%
 You will see an empty list:
 .. image:: images/ipsec_s2s_vpn_p1a_p2_empty.png
-    :scale: 100%
+    :width: 100%
 Now press the *+* at the right of this list to add a Phase 2 entry.
@ -212,29 +212,29 @@ Phase 2 proposal (SA/Key Exchange)
 Save your setting by pressing:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
 Enable IPsec, Select:
 .. image:: images/ipsec_s2s_vpn_p1a_enable.png
-    :scale: 100%
+    :width: 100%
 Save:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 And Apply changes:
 .. image:: images/ipsec_s2s_vpn_p1a_apply.png
-    :scale: 100%
+    :width: 100%
 ------------------
 .. image:: images/ipsec_s2s_vpn_p1a_success.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
@ -282,24 +282,24 @@ Add a new network by pressing the + in the lower left corner.
 Now select **VPN** and **Cisco IPSec**, give your connection a name and press **Create**.
 .. image:: images/osx-ipsec-new.png
-    :scale: 100%
+    :width: 100%
 Now enter the details for our connection:
 .. image:: images/osx-ipsec-conf1.png
-    :scale: 100%
+    :width: 100%
 Next press **Authentication Settings** to add the group name and pre-shared key.
 .. image:: images/osx-ipsec-conf2.png
-    :scale: 100%
+    :width: 100%
 Press **OK** to save these settings and then **Apply** to apply them.
 Now test the connection by selecting it from the list and hit **Connect**.
 .. image:: images/osx-ipsec-connected.png
-    :scale: 100%
+    :width: 100%
 **Done**
--- a/source/manual/how-tos/ipsec-s2s.rst
+++ b/source/manual/how-tos/ipsec-s2s.rst
@ -181,7 +181,7 @@ sites:
 * UDP Traffic on Port 4500 (NAT-T)
 .. image:: images/ipsec_wan_rules.png
-    :scale: 100%
+    :width: 100%
 .. Note::
@ -191,7 +191,7 @@ To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
 interface.
 .. image:: images/ipsec_ipsec_lan_rule.png
-    :scale: 100%
+    :width: 100%
 -----------------------
 Step 1 - Phase 1 Site A
@ -245,12 +245,12 @@ Advanced Options
 Save your setting by pressing:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 Now you should see the following screen:
 .. image:: images/ipsec_s2s_vpn_p1a_4.png
-    :scale: 100%
+    :width: 100%
 -----------------------
@ -259,12 +259,12 @@ Step 2 - Phase 2 Site A
 Press the button that says '+ Show 0 Phase-2 entries'
 .. image:: images/ipsec_s2s_vpn_p1a_show_p2.png
-    :scale: 100%
+    :width: 100%
 You will see an empty list:
 .. image:: images/ipsec_s2s_vpn_p1a_p2_empty.png
-    :scale: 100%
+    :width: 100%
 Now press the *+* at the right of this list to add a Phase 2 entry.
@ -302,29 +302,29 @@ Phase 2 proposal (SA/Key Exchange)
 Save your setting by pressing:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
 Enable IPsec for Site A, Select:
 .. image:: images/ipsec_s2s_vpn_p1a_enable.png
-    :scale: 100%
+    :width: 100%
 Save:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 And Apply changes:
 .. image:: images/ipsec_s2s_vpn_p1a_apply.png
-    :scale: 100%
+    :width: 100%
 ------------------
 .. image:: images/ipsec_s2s_vpn_p1a_success.png
-    :scale: 100%
+    :width: 100%
 **You are done configuring Site A.**
@ -382,12 +382,12 @@ Advanced Options
 Save your setting by pressing:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 Now you should see the following screen:
 .. image:: images/ipsec_s2s_vpn_p1b_4.png
-    :scale: 100%
+    :width: 100%
 -----------------------
@ -401,7 +401,7 @@ Press the button that says '+ Show 0 Phase-2 entries'
 You will see an empty list:
 .. image:: images/ipsec_s2s_vpn_p1a_p2_empty.png
-    :scale: 100%
+    :width: 100%
 Now press the *+* at the right of this list to add a Phase 2 entry.
@ -441,29 +441,29 @@ Phase 2 proposal (SA/Key Exchange)
 Save your setting by pressing:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
 Enable IPsec for Site B, Select:
 .. image:: images/ipsec_s2s_vpn_p1a_enable.png
-    :scale: 100%
+    :width: 100%
 Save:
 .. image:: images/btn_save.png
-    :scale: 100%
+    :width: 100%
 And Apply changes:
 .. image:: images/ipsec_s2s_vpn_p1a_apply.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
 .. image:: images/ipsec_s2s_vpn_p1a_success.png
-    :scale: 100%
+    :width: 100%
 **You are done configuring Site B.**
@ -477,7 +477,7 @@ Go to **VPN->IPsec->Status Overview** to see current status.
 Press on the **(i)** to see the details of the phase 2 tunnel(s), like this:
 .. image:: images/ipsec_status.png
-    :scale: 100%
+    :width: 100%
 .. Note::
@ -491,7 +491,7 @@ cross-cable between the WAN ports.
 .. image:: images/OPN20322R_870px.png
   :target: https://www.deciso.com/product-catalog/opn20322r/
-   :scale: 100%
+   :width: 100%
 To route traffic the WAN interfaces have been configured to use a /16 segment and
 they are each others default gateway. Other than that the sample is equal to this
--- a/source/manual/how-tos/ipv6_tunnelbroker.rst
+++ b/source/manual/how-tos/ipv6_tunnelbroker.rst
@ -34,7 +34,7 @@ individual /64 slices to each network. Once configured, your tunnel settings
 should look like this:
 .. image:: images/tunnelbroker_setup.png
-  :scale: 100%
+  :width: 100%
 -----------------------
 Step 1 - Add GIF tunnel
@ -61,7 +61,7 @@ Use the following settings and copy in the IPv4&6 addresses from your TunnelBrok
  Make sure to include the **/64** prefixes!
 .. image:: images/opnsense_add_gif.png
-   :scale: 100%
+   :width: 100%
 ----------------------------------------------------
 Step 2 - Configure the GIF tunnel as a new interface
@ -88,7 +88,7 @@ have servers on LAN whereas most of my clients are on WLAN (Wireless LAN).
 I block all incoming to LAN and WLAN. Of course, outbound connections are fine.
 .. image:: images/tunnelbroker_fw_rules.png
-   :scale: 100%
+   :width: 100%
 --------------------------------
 Step 4 - Configure LAN interface
@ -100,7 +100,7 @@ because it's the very same. You'll repeat the same process for further networks,
 but assigning the next interface a separate **/64** address.
 .. image:: images/tunnelbroker_configure_lan.png
-   :scale: 100%
+   :width: 100%
 -------------------------------
 Step 5 - Configure DHCPv6 SLAAC
@ -114,7 +114,7 @@ Router Advertisements sub tab on that same page. Set the **Router Advertisements
 setting to *Assisted* and the **Router Priority** setting to *Normal*.
 .. image:: images/tunnelbroker_dhcpv6.png
-   :scale: 100%
+   :width: 100%
 Save your settings.
--- a/source/manual/how-tos/orange_fr_fttp.rst
+++ b/source/manual/how-tos/orange_fr_fttp.rst
@ -15,39 +15,39 @@ The guide deals with just the internet connection. Setting up of TV or Phone is
 Orange requires that the WAN is configured over VLAN 832. So the first step is to set up the VLAN on the intended WAN nic as shown below
-
.. image:: images/OF_image0.png
+.. image:: images/OF_image0.png
-	:scale: 100%
+	:width: 100%
-and the WAN interface assignment should hence look something like this 
+and the WAN interface assignment should hence look something like this
 .. image:: images/OF_image1.png
-	:scale: 100% 
+	:width: 100%
 **Configuring the WAN Interface**
 ---------------------------------
-In order to establish the IPv4 and IPv6 connection Orange requires that the correct parameters are passed for the DHCP and DHCP6 
+In order to establish the IPv4 and IPv6 connection Orange requires that the correct parameters are passed for the DHCP and DHCP6
 requests respectively
 select options DHCP and DHCPv6 in general configuration
 .. image:: images/OF_image2.png
-	:scale: 100% 
+	:width: 100%
 **On the DHCP request it is a requirement to pass the following:**
 * dhcp-class-identifier "sagem"
 * user-class "+FSVDSL_livebox.Internet.softathome.Livebox3"
-* option-90 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX 
+* option-90 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX
  (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx)
 .. Note::
    The eleven leading hex 00 pairs to be prefixed to the converted userID
-These parameters should be passed as comma separated options in the 'Send Options' area of there WAN DHCP request 
+These parameters should be passed as comma separated options in the 'Send Options' area of there WAN DHCP request
 .. image:: images/OF_image3.png
-	:scale: 100% 
+	:width: 100%
 .. Note::
    It is necessary to specify the following 'Request Options'
@ -61,25 +61,25 @@ These parameters should be passed as comma separated options in the 'Send Option
 * domain-name-servers
 * option-90
-These parameters should be passed as comma separated options in the 'Request Options' area of there WAN DHCP request 
+These parameters should be passed as comma separated options in the 'Request Options' area of there WAN DHCP request
 Now for the regional specific part.
-Some areas of France require that the DHCP and DHCP6 requests are made with a VLAN-PCP of 6. If you are in one of these regions then 
+Some areas of France require that the DHCP and DHCP6 requests are made with a VLAN-PCP of 6. If you are in one of these regions then
-this can be done via the 'Option Modifiers'. 
+this can be done via the 'Option Modifiers'.
 .. Note::
    The vlan-parent is the physical WAN interface - igb0, em0 etc.
 .. image:: images/OF_image4.png
-	:scale: 100% 
+	:width: 100%
 On the DHCP6 request we need to use raw options
-Firstly select 'Advanced' and your region needs a VLAN-PCP set it via 'Use VLAN priority' 
+Firstly select 'Advanced' and your region needs a VLAN-PCP set it via 'Use VLAN priority'
 .. image:: images/OF_image5.png
-	:scale: 100% 
+	:width: 100%
 then add the following options in the 'Send Options' field
@ -87,7 +87,7 @@ then add the following options in the 'Send Options' field
 * raw-option 6 00:0b:00:11:00:17:00:18
 * raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:6c:69:76:65:62:6f:78:33
 * raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d
-* raw-option 11 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX 
+* raw-option 11 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX
  (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx)
 .. Note::
@ -96,7 +96,7 @@ then add the following options in the 'Send Options' field
 Finally set the Identity Association and Prefix interface as shown
 .. image:: images/OF_image6.png
-	:scale: 100% 
+	:width: 100%
 Click ‘Save’ and then ‘Apply’.
@ -109,19 +109,15 @@ Select Interfaces->LAN and set IPV4 to "Static IPv4" and IPv6 Configuration Type
 Interface’
 .. image:: images/OF_image7.png
-	:scale: 100% 
+	:width: 100%
 Finally, set the Track IPv6 Interface to WAN and set the IPv4 address to your chosen address.
 .. image:: images/OF_image8.png
-	:scale: 100% 
+	:width: 100%
 Click ‘Save’ and then ‘Apply’.
 It is advisable at this point to reboot the system.
--- a/source/manual/how-tos/proxyicapantivirus.rst
+++ b/source/manual/how-tos/proxyicapantivirus.rst
@ -17,7 +17,7 @@ support ICAP will work just as well.
    forms of infection such as through emails or usb stick.
 .. image:: images/SPE_home.png
-    :scale: 100%
+    :width: 100%
 Step 1 - Setup the Proxy
 ------------------------
@ -36,7 +36,7 @@ full installation and configuration instructions.
 We installed the Engine for Web Proxy purpose and enabled ICAP with its default settings.
 .. image:: images/SPE_ICAP.png
-    :scale: 100%
+    :width: 100%
 Step 4 - Connect the Engine
 ---------------------------
--- a/source/manual/how-tos/proxytransparent.rst
+++ b/source/manual/how-tos/proxytransparent.rst
@ -37,7 +37,7 @@ A simple way to add the NAT/Firewall Rule is to click on the **(i)** icon on the
 left of the **Enable Transparent HTTP proxy** option and click on **add a new firewall rule**.
 .. image:: images/screenshot_enable_transparent_http.png
-    :scale: 100%
+    :width: 100%
 **For reference, these are the default settings:**
@ -65,7 +65,7 @@ Authority. Go to **System->Trust->Authorities** or use the search box to get the
 fast.
 .. image:: images/search_ca.png
-    :scale: 100%
+    :width: 100%
 Click on **add or import ca** in the upper right corner of the screen to create
 a new CA.
@ -121,7 +121,7 @@ A simple way to add the NAT/Firewall Rule is to click on the **(i)** icon on the
 left of the **Enable SSL mode** option and click on **add a new firewall rule**.
 .. image:: images/screenshot_enable_transparent_http.png
-    :scale: 100%
+    :width: 100%
 **For reference, these are the default settings:**
@ -151,13 +151,13 @@ certificate for each page manually, but for some pages that may not work well un
 not bumped.
 .. image:: images/export_CA_cert.png
-    :scale: 100%
+    :width: 100%
 Import and change trust settings on your favorite OS. Per example on OSX it looks
 like this:
 .. image:: images/Trust_Settings_OSX.png
-    :scale: 100%
+    :width: 100%
 .. Warning::
    Again be very careful with this as your system will accept any page signed with
@ -171,7 +171,7 @@ like this:
    connection against man in the middle attacks otherwise trusted certificates.
    If you want to make the connection work again, you have to whitelist the following
    Google domains in your "No Bump Hosts" settings.
-    
+
    * Your local Google domain (for example: google.at for Austria, google.de for Germany, …)
    * .google.com
    * .googleapis.com
--- a/source/manual/how-tos/proxywebfilter.rst
+++ b/source/manual/how-tos/proxywebfilter.rst
@ -54,7 +54,7 @@ The URL of the full compressed UT1 category based list is:
  ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
 .. image:: images/proxy_ut1.png
-    :scale: 100%
+    :width: 100%
 Press **Save Changes**.
@ -72,13 +72,13 @@ to the description of the list. This will open the edit window again, but now yo
 will see all available categories extracted from the list.
 .. image:: images/proxy_categories.png
-    :scale: 100%
+    :width: 100%
 For our example we will filter ads and adult content. The easiest way to do so is
 clear the list and select the following from the drop down list:
 .. image:: images/proxy_catgegory.png
-    :scale: 100%
+    :width: 100%
 Now **Save changes** and press **Download ACLs** again to download and reconstruct
 the list with only the selected categories. This will take roughly the same amount
@ -128,4 +128,4 @@ And one more rule to block HTTPS access:
 **Save** & **Apply changes**
 .. image:: images/proxy_firewall.png
-    :scale: 100%
+    :width: 100%
--- a/source/manual/how-tos/self-signed-chain.rst
+++ b/source/manual/how-tos/self-signed-chain.rst
@ -13,7 +13,7 @@ Look at the default install, one certificate is created for the webgui/dashboard
 nothing wrong with that certificate if we use a real world CA, but we do not. We
 create our own chain so that one has no purpose once done.
-Should you even consider using **self-signed certificate chains** in this age of free available 
+Should you even consider using **self-signed certificate chains** in this age of free available
 certificates?
   * Self-signed certificate are just as secure as real world certificates.
@ -32,7 +32,7 @@ What you should know about self-signed certificates:
   * They are **only** as trustworty as the person, company or organization signing it.
   * Using these certificates **can** be a security risk if you are the one trusting them and not a CA.
-A chain will need at least a CA and certificate; an intermediate CA is not needed, but in case of a 
+A chain will need at least a CA and certificate; an intermediate CA is not needed, but in case of a
 compromise the CA key would be compromised too.
 The chain we are going to create will be made with the following ingredients:
@ -43,7 +43,7 @@ The chain we are going to create will be made with the following ingredients:
 .. Note::
-    This document uses **CN - Common Name** should be read as: **SAN - Subject Alternative Name** and 
+    This document uses **CN - Common Name** should be read as: **SAN - Subject Alternative Name** and
    will be used if present.
 Please backup before you proceed.
@ -79,7 +79,7 @@ When you are done save the form, the CA is now generated.
 ====================== =================================== ========================================
 .. image:: images/CA.png
-   :scale: 15%
+   :width: 15%
 .. Tip::
@ -103,7 +103,7 @@ Have a look at the form, create an intermediate CA and save it.
 ====================== =================================== ========================================
 .. image:: images/CA-inter.png
-   :scale: 15%
+   :width: 15%
 The Certificate
 ---------------
@ -122,7 +122,7 @@ Have a look at the next form and notice the common name, create a server certifi
 ====================== =================================== ========================================
 .. image:: images/webgui-cert.png
-   :scale: 15%
+   :width: 15%
 .. Tip::
@ -141,7 +141,7 @@ Now we need to start using the chain:
  * Go back to the dashboard & open **System/Settings/Administration**
  * Set **SSL-Certificate** to use the new server certificate.
-Open your browser and open the OPNsense/webgui page. You should be presented with a certificate that is 
+Open your browser and open the OPNsense/webgui page. You should be presented with a certificate that is
 verified by your intermediate CA.
@ -167,7 +167,7 @@ Go ahead and create a new chain **CA -- intermediate CA -- server cert.**.
 .. Tip::
-    | You can check if **ca-root-nss** has changed: 
+    | You can check if **ca-root-nss** has changed:
    | Do a health check before you add the CA.
    | If the check was okay add the CA to the store.
    | Create a new checksum & save it :
@ -189,7 +189,7 @@ Go to **Trust/Authorities** create a new CA for Nextcloud and save it.
 ====================== =================================== ========================================
 .. image:: images/CA-cloud.png
-   :scale: 15%
+   :width: 15%
 OPNsense needs to be made aware of the Nextcloud chain we are creating.
@ -231,7 +231,7 @@ Go to **Trust/Authorities** and create an intermediate CA.
 ====================== =================================== ========================================
 .. image:: images/CA-cloud-inter.png
-   :scale: 15%
+   :width: 15%
 Download the intermediate CA and install it to your browser:
@ -253,7 +253,7 @@ Go to **Trust/Certificates** create a server certificate.
 ====================== =================================== ========================================
 .. image:: images/cloud-cert.png
-   :scale: 15%
+   :width: 15%
 We need to install this certificate and key to our Nextcloud server, two ways are shown here.
@ -266,10 +266,10 @@ We need to install this certificate and key to our Nextcloud server, two ways ar
   openssl pkcs12 -in nextcloud-crt.p12 -nodes -out nextcloud.key -nocerts
   openssl pkcs12 -in nextcloud-crt.p12 -clcerts -nokeys -out nextcloud.pem
   cp nextcloud.pem nextcloud.crt
-   
+
 -  * Or use the next quick and dirty method for a single key/certificate file:
   * Upload the ***.p12**  archive to your Nextcloud server, in a safe way..
-   * Extact the archive into a single **PEM** file and create a certificate. 
+   * Extact the archive into a single **PEM** file and create a certificate.
 ::
@ -278,7 +278,7 @@ We need to install this certificate and key to our Nextcloud server, two ways ar
 -  * **/etc/ssl/localcerts** will be alright for the certificate or choose your own prefered location.
   * If the key was extracted separatly, **/etc/ssl/private** would be a good choice.
-   * Be sure to set sane permissions on the private directory, ``700`` would do it. 
+   * Be sure to set sane permissions on the private directory, ``700`` would do it.
   * You could set ``umask`` too (see) ``man umask`` - on your Linux box.
   * Edit the webserver config to use the certificate and key or single key-cert file.
   * Sane permissions, ``400`` read only owner is sufficent.
--- a/source/manual/how-tos/shaper.rst
+++ b/source/manual/how-tos/shaper.rst
@ -176,7 +176,7 @@ Now press |apply| to activate the traffic shaping rules.
 *Screenshot Rules*
 .. image:: images/shaping_rules_s1.png
-    :scale: 100%
+    :width: 100%
 .. |apply| image:: images/applybtn.png
@ -308,7 +308,7 @@ Now press |apply| to activate the traffic shaping rules.
 *Screenshot Rules*
 .. image:: images/shaping_rules_s2.png
-    :scale: 100%
+    :width: 100%
 ------------------------
 Limit bandwidth per user
@ -392,7 +392,7 @@ Now press |apply| to activate the traffic shaping rules.
 *Screenshot Rules*
 .. image:: images/shaping_rules_s3.png
-    :scale: 100%
+    :width: 100%
 -----------------------
 Prioritize using Queues
@ -522,7 +522,7 @@ Now press |apply| to activate the traffic shaping rules.
 *Screenshot Rules*
 .. image:: images/shaping_rules_s4.png
-  :scale: 100%
+  :width: 100%
 --------------------------------------
 Multi Interface shaping for a GuestNet
--- a/source/manual/how-tos/sslvpn_client.rst
+++ b/source/manual/how-tos/sslvpn_client.rst
@ -3,7 +3,7 @@ Setup SSL VPN Road Warrior
 ==========================
 .. image:: images/sslvpn_image_new.png
-   :scale: 100%
+   :width: 100%
 Road Warriors are remote users who need secure access to the companies infrastructure.
 OPNsense uses OpenVPN for its SSL VPN Road Warrior setup and offers OTP (One Time Password)
@ -107,7 +107,7 @@ and click on **Add server** in the top right corner of the form.
  configuration. Try it by typing *Ac...* and see for yourself:
  .. image:: images/qs-access_server.png
-     :scale: 100%
+     :width: 100%
     :align: center
 Now first change the **Type** to **Local + Timebased One time Password**
@ -207,7 +207,7 @@ For the first step we enter:
 Click **Save** and you will be redirected to the User page.
 Now we will activate your newly created seed with your Google Authenticator
-compatible app. To do so click in the **Click to unhide** button in the 
+compatible app. To do so click in the **Click to unhide** button in the
 **OTP QR code** row and you will get a QR code to scan with your smartphone.
 See also: :doc:`/manual/how-tos/two_factor`
@ -280,7 +280,7 @@ For our example will use the following settings:
 Click **Save** to add the new server.
 .. image:: images/sslvpn_server.png
-   :scale: 100%
+   :width: 100%
 ----------------------
@ -293,14 +293,14 @@ port on the WAN interface. When using multiple servers we need to open up each p
 For our configuration we only use one server accessible on udp port 1194.
 .. image:: images/sslvpn_wan_rule.png
-    :scale: 100%
+    :width: 100%
 Next we also need to allow traffic from the VPN clients to our LAN interface.
 For our example we will allow client to access anything on our local area network,
 however you may decide just to allow traffic to one or more servers.
 .. image:: images/sslvpn_openvpn_rule.png
-    :scale: 100%
+    :width: 100%
 -----------------------------
@ -324,25 +324,25 @@ to open the file with search and select Viscosity.
 Some sample screenshots (Mac OSX):
 .. image:: images/viscosity_files.png
-   :scale: 100%
+   :width: 100%
 **Import Configuration**
 .. image:: images/viscosity_imported.png
-   :scale: 100%
+   :width: 100%
 **Connect & login**
 In the password field enter your TOTP token first followed by your password.
 .. image:: images/viscosity_login.png
-   :scale: 100%
+   :width: 100%
 **Connected**
 .. image:: images/viscosity_connected.png
-   :scale: 100%
+   :width: 100%
 -----------------------------
@ -400,4 +400,4 @@ exactly the same as before, the only difference is that each user requires a Use
 and therefore their own configuration.
 .. image:: images/sslvpn_client_certificate.png
-   :scale: 100%
+   :width: 100%
--- a/source/manual/how-tos/sslvpn_s2s.rst
+++ b/source/manual/how-tos/sslvpn_s2s.rst
@ -212,7 +212,7 @@ For our example will use the following settings (leave everything else on its de
    Click **Save** to add the new server.
    .. image:: images/sslvpn_server.png
-       :scale: 100%
+       :width: 100%
 ----------------------
@ -261,14 +261,14 @@ port on the WAN interface. When using multiple servers we need to open up each p
 For our configuration we only use one server accessible on UDP port 1194.
 .. image:: images/sslvpn_wan_rule.png
-    :scale: 100%
+    :width: 100%
 Next we also need to allow traffic from the VPN client network (192.168.2.0/24).
 For our example we will allow client to access anything on our local network(s),
 however you may decide just to allow traffic to one or more IP's.
 .. image:: images/sslvpn_openvpn_rule.png
-    :scale: 100%
+    :width: 100%
 **You are done configuring Site A.**
@ -308,7 +308,7 @@ Now click on **Save**  to apply your settings.
 The Connection Status can be viewed under **VPN->OpenVPN->Connection Status**
 .. image:: images/sslvpn_connection_status.png
-   :scale: 100%
+   :width: 100%
 ------------------------------
 Step 5 - Client Firewall Rules
@ -317,7 +317,7 @@ To allow traffic from the remote network just add a rule under **Firewall->Rules
 OpenVPN tab.
 .. image:: images/sslvpn_firewall_rule_client.png
-   :scale: 100%
+   :width: 100%
 **Done**
--- a/source/manual/how-tos/two_factor.rst
+++ b/source/manual/how-tos/two_factor.rst
@ -6,7 +6,7 @@ using OPNsense and Google's Authenticator. All services of OPNsense can be used
 with this 2FA solution.
 .. image:: /manual/images/two_factor_authentication.png
-   :scale: 100%
+   :width: 100%
 .. Note::
@ -52,12 +52,12 @@ To activate your new OTP seed on the Google Authenticator, first reopen the user
 you just created by clicking on the pencil icon.
 .. image:: images/OTP_seed.png
-   :scale: 100%
+   :width: 100%
 Now it will show a QR code:
 .. image:: images/otp_qr_code.png
-   :scale: 100%
+   :width: 100%
 .. Warning::
@ -72,18 +72,18 @@ directly.
 In case of SailOTP the configuration works like this:
 .. image:: images/sailotp_menu.jpg
-   :scale: 100%
+   :width: 100%
 Pull down to open the application menu and choose the entry to add a new Token.
 .. image:: images/sailotp_scan_qr.jpg
-   :scale: 100%
+   :width: 100%
 In the next step, you have to scan the previously created QR code by clicking
 on the screen.
 .. image:: images/sailotp_scanresult.jpg
-   :scale: 100%
+   :width: 100%
 When the QR code is scanned, a new view will open where you can
 see the details of the result. This view can be used to check if the generated
@ -122,7 +122,7 @@ is token and then password **in the same field**.
 Hit the test button and if all goes well you should see *successfully authenticated*.
 .. image:: images/system_access_tester.png
-   :scale: 100%
+   :width: 100%
 ------------------------
 Step 6 - Using the token
@ -131,8 +131,8 @@ To use the token in any application/service that you have configured, just open
 the Google Authenticator and add the created token/key **before** your regular password.
 .. Warning::
-   Remember, you need to enter the token **before** or **after** you password 
+   Remember, you need to enter the token **before** or **after** you password
-   (depending on your configuration)! And the password field should be used to enter 
+   (depending on your configuration)! And the password field should be used to enter
   both token and your password, like: **Password:** 123456PASSWORD
@ -140,4 +140,4 @@ The code will change every 30 seconds.
 Sample code:
 .. image:: images/google_token_sample.png
-   :scale: 25%
+   :width: 25%
--- a/source/manual/how-tos/user-ldap.rst
+++ b/source/manual/how-tos/user-ldap.rst
@ -50,7 +50,7 @@ Enter the following information:
   something similar to will show up:
   .. image:: images/ldap_selectcontainer.png
-      :scale: 100%
+      :width: 100%
 .. TIP::
   The **Extended Query** can be used to select users who are member of a specific
@ -61,7 +61,7 @@ Enter the following information:
   **Members**.
   .. image:: images/ldap_mygroup_properties.png
-      :scale: 100%
+      :width: 100%
 Step 2 - Test
@ -71,7 +71,7 @@ and select your LDAP server and enter a valid username + password. Click on
 **Test** and if everything is setup correctly it will show:
 .. image:: images/ldap_testok.png
-   :scale: 100%
+   :width: 100%
 .. Note::
  When limited to just one group, the group name will not be shown in the listing.
@ -79,7 +79,7 @@ and select your LDAP server and enter a valid username + password. Click on
 If not (or your entered invalid credentials) it shows:
 .. image:: images/ldap_testfail.png
-   :scale: 100%
+   :width: 100%
 Step 3 - Import Users
 ---------------------
@ -88,7 +88,7 @@ to import the users into the local user manager. Go to **System->Access->Users**
 you will see a cloud import icon at the lower right corner of the form.
 .. image:: images/user_cloudimport.png
-   :scale: 100%
+   :width: 100%
 Click on the cloud import icon to start importing users.
@ -105,7 +105,7 @@ notice the difference as the **User Distinguished name** will be shown from the
 LDAP server, just like this:
 .. image:: images/user_ldap_distinguishedname.png
-    :scale: 100%
+    :width: 100%
 .. TIP::
   See :doc:`user-local` for more information on User, Groups and privileges.
@ -122,4 +122,4 @@ Go to **System->Access->Settings** and change the Authentication Server from
 The test result should look like this:
 .. image:: images/user_testresult_ldap.png
-   :scale: 80%
+   :width: 80%
--- a/source/manual/how-tos/user-local.rst
+++ b/source/manual/how-tos/user-local.rst
@ -3,7 +3,7 @@ Creating Users & Groups
 =======================
 .. image:: images/usermanager_groups.png
-   :scale: 100%
+   :width: 100%
 With the local user manager of OPNsense one can add users and groups and define
 the privileges for granting access to certain parts of the GUI (Web Configurator).
@ -47,6 +47,6 @@ The search bottom at the top of this form can be used to quickly find the right
 page.
 .. image:: images/user_privileges.png
-   :scale: 100%
+   :width: 100%
 After making the right selection click on **Save** to store the new settings.
--- a/source/manual/install.rst
+++ b/source/manual/install.rst
@ -368,7 +368,7 @@ Minimum installation actions
 **Enable RAM disk manually**
 .. image:: ./images/Screenshot_Use_RAMdisks.png
-   :scale: 100%
+   :width: 100%
 Then via console, check your /etc/fstab and make sure your primary
 partition has **rw,noatime** instead of just **rw**.
@ -410,4 +410,4 @@ The other method to upgrade the system is via console option **12) Upgrade from
 An update can be done through the GUI via **System⇒Firmware⇒Updates**.
 .. image:: ./images/firmware-update.png
-   :scale: 100%
+   :width: 100%
--- a/source/manual/ipv6.rst
+++ b/source/manual/ipv6.rst
@ -3,7 +3,7 @@ Using IPv6
 ==========
 .. image:: images/IPv6.png
-   :scale: 100%
+   :width: 100%
 OPNsense fully supports IPv6 for routing and firewall. However there are lots of
 different options to utilize IPv6. Currently these scenario's are known to work:
--- a/source/manual/mobile_wan.rst
+++ b/source/manual/mobile_wan.rst
@ -3,7 +3,7 @@ Mobile Networking
 =================
 .. image:: images/OPNsense_4G_new.png
-   :scale: 100%
+   :width: 100%
 OPNsense supports 3G and 4G (LTE) cellular modems as failsafe or primary WAN
 interface. Both USB and (mini)PCIe cards are supported.
--- a/source/manual/netflow.rst
+++ b/source/manual/netflow.rst
@ -3,7 +3,7 @@ Netflow Export & Analyses
 =========================
 .. image:: images/netflow_analyzer_insight.png
-   :scale: 100%
+   :width: 100%
 Netflow is a monitoring feature, invented by Cisco, it is implemented in the FreeBSD
 kernel with ng_netflow (Netgraph). Since Netgraph is a kernel implementation it
@ -59,7 +59,7 @@ and multiple destinations including local capture for analysis by Insight (OPNse
 Netflow Analyzer).
 .. image:: images/netflow_exporter.png
-   :scale: 100%
+   :width: 100%
 --------------------------
 Netflow Analyzer - Insight
--- a/source/manual/systemhealth.rst
+++ b/source/manual/systemhealth.rst
@ -3,7 +3,7 @@ System Health & Round Robin Data
 ================================
 .. image:: images/systemhealth_sample.png
-    :scale: 100%
+    :width: 100%
 System Health is a dynamic view on RRD data gathered by the system. It allows you
 to dive into different statistics that show the overall health and performance of
@ -41,7 +41,7 @@ Please see the screenshot below for all element of the system health module.
 Each element will be explained in the next chapters.
 .. image:: images/systemhealth_gui.png
-  :scale: 100%
+  :width: 100%
 Toggle menu collapse
 --------------------
@ -68,7 +68,7 @@ this is especially useful for traffic flows where you can plot ingoing and outgo
 in different directions.
 .. image:: images/systemhealth_inverse.png
-    :scale: 100%
+    :width: 100%
 Resolution
 ----------
@ -94,7 +94,7 @@ and show you the current detail level in this area.
 Label filter
 ------------
 .. image:: images/systemhealth_labelfilter.png
-  :scale: 100%
+  :width: 100%
 The label filter can be used to filer out data you do not want to see. Click once
 to disable or double click to select only this set.
@ -102,13 +102,13 @@ to disable or double click to select only this set.
 A nice sample can be seen here, where the *processes* obscure all other data.
 .. image:: images/systemhealth_obscureddata.png
-  :scale: 100%
+  :width: 100%
 Just click once on *processes* to hide this data set, notice that the scales will
 adapt as well.
 .. image:: images/systemhealth_filtered.png
-  :scale: 100%
+  :width: 100%
 Main graph area
 ---------------
@ -131,13 +131,13 @@ selected area.
 A sample selection:
 .. image:: images/systemhealt_selection.png
-  :scale: 100%
+  :width: 100%
 And the result:
 .. image:: images/systemhealth_zoomed.png
-  :scale: 100%
+  :width: 100%
 Min/max/average table
 ---------------------
@ -155,4 +155,4 @@ values and export the data to as comma separated file (.CSV).
 The exported dataset can be used for your own reporting.
 .. image:: images/systemhealth_excel.png
-    :scale: 100%
+    :width: 100%
--- a/source/manual/two_factor.rst
+++ b/source/manual/two_factor.rst
@ -3,7 +3,7 @@ Two-factor authentication
 =========================
 .. image:: images/two_factor_authentication.png
-   :scale: 100%
+   :width: 100%
 Two-factor authentication also known as 2FA or 2-Step Verification is an authentication
 method that requires two components, such as a pin/password + a token.
@ -27,7 +27,7 @@ has a default fallback to the local database. In case of 2FA for the GUI one nee
 to disable the fallback option to make sure no local user can gain access without 2FA.
 .. image:: images/auth_server_fallback.png
-   :scale: 100%
+   :width: 100%
 ----------------------------
--- a/source/manual/users.rst
+++ b/source/manual/users.rst
@ -3,7 +3,7 @@
 =================
 .. image:: images/user_manager.png
-   :scale: 100%
+   :width: 100%
 The user manager of OPNsense allows for controlling access to the different
 part (pages) of the configurator as well as controlling access to particular
--- a/source/manual/virtuals.rst
+++ b/source/manual/virtuals.rst
@ -86,7 +86,7 @@ opnsense bootstrap is available for our
 Amazon AWS EC2 Cloud
 --------------------
 .. image:: how-tos/images/amazon-web-services.png
-    :scale: 100%
+    :width: 100%
 Installing OPNsense into the Amazon cloud can be a dounting task as no console is
 offered. As part of Deciso's support packages (see `OPNsense commercial Support
--- a/source/manual/vpnet.rst
+++ b/source/manual/vpnet.rst
@ -7,7 +7,7 @@ extends the private network into the public network such as internet. With a VPN
 you can create large secure networks that can act as one private network.
 .. image:: images/Virtual_Private_Network_overview.png
-    :scale: 100%
+    :width: 100%
 (picture from `wikipedia <https://en.wikipedia.org/wiki/File:Virtual_Private_Network_overview.svg>`__)
@ -29,7 +29,7 @@ well known IPsec as well as older (now considered insecure) legacy options such
 L2TP and PPTP.
 .. image:: images/vpn.png
-    :scale: 100%
+    :width: 100%
 .. Note::
--- a/source/relations/osi.rst
+++ b/source/relations/osi.rst
@ -3,7 +3,7 @@ Open Source Initiative
 ======================
 .. image:: ./images/osi_standard_logo.png
-    :scale: 25%
+    :width: 25%
 -----------------------