Networking on Arch

Quick Reference

# NetworkManager
nmcli device wifi list                    # List networks
nmcli device wifi connect "SSID"          # Connect to WiFi
nmcli connection show                     # List connections
nmcli connection up "connection-name"     # Activate connection
nmcli device status                       # Device status

# Check connectivity
ping archlinux.org
ip addr
ip route

NetworkManager

Installation

# Install NetworkManager
sudo pacman -S networkmanager

# Enable and start
sudo systemctl enable --now NetworkManager

# Optional: GUI applets
sudo pacman -S nm-connection-editor       # GTK connection editor
sudo pacman -S network-manager-applet     # System tray applet

nmcli Basics

# Overall status
nmcli general status

# Device status
nmcli device status

# Show all connections
nmcli connection show

# Show active connections
nmcli connection show --active

# Detailed connection info
nmcli connection show "connection-name"

WiFi Management

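# Enable WiFi
nmcli radio wifi on

# Scan and list networks
nmcli device wifi list

# Rescan
nmcli device wifi rescan

# Connect to network
# --ask makes nmcli prompt for the passphrase. Passing it as `password "..."`
# on the command line leaves it in shell history and in the process argument
# list, where other local users can read it while the command runs.
# The saved profile still stores the PSK under
# /etc/NetworkManager/system-connections/ (root-only files).
nmcli --ask device wifi connect "NetworkName"

# Connect with specific interface
nmcli --ask device wifi connect "NetworkName" ifname wlan0

# Connect to hidden network
nmcli --ask device wifi connect "HiddenSSID" hidden yes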

Managing Connections

# Create new connection
nmcli connection add type wifi \
    con-name "MyWifi" \
    ifname wlan0 \
    ssid "NetworkName"
nmcli connection modify "MyWifi" wifi-sec.key-mgmt wpa-psk
# NOTE: a PSK given as an argument ends up in shell history and is visible in
# the process list while nmcli runs. Clear it from history afterwards, or
# leave the PSK unset and activate with `nmcli --ask connection up "MyWifi"`
# to be prompted for it (presumably stored with the profile afterwards; verify).
nmcli connection modify "MyWifi" wifi-sec.psk "password"

# Modify existing connection
# Each property is set by a separate command; changes only take effect
# the next time the connection is brought up.
nmcli connection modify "MyWifi" ipv4.addresses "192.168.1.100/24"
nmcli connection modify "MyWifi" ipv4.gateway "192.168.1.1"
nmcli connection modify "MyWifi" ipv4.dns "8.8.8.8 8.8.4.4"
nmcli connection modify "MyWifi" ipv4.method manual

# Delete connection
# Removes the profile, including the stored PSK.
nmcli connection delete "MyWifi"

# Up/down connection
nmcli connection up "MyWifi"
nmcli connection down "MyWifi"

Static IP Configuration

# Set static IP
nmcli connection modify "Wired" \
    ipv4.addresses "192.168.1.100/24" \
    ipv4.gateway "192.168.1.1" \
    ipv4.dns "8.8.8.8 8.8.4.4" \
    ipv4.method manual

# Apply changes
nmcli connection up "Wired"

# Back to DHCP
nmcli connection modify "Wired" ipv4.method auto
nmcli connection modify "Wired" ipv4.addresses ""
nmcli connection up "Wired"

DNS Configuration

# Set custom DNS
nmcli connection modify "Connection" ipv4.dns "1.1.1.1 1.0.0.1"
nmcli connection modify "Connection" ipv4.ignore-auto-dns yes

# Check DNS
nmcli dev show | grep DNS
cat /etc/resolv.conf

Connection Files

# NetworkManager stores connections in
/etc/NetworkManager/system-connections/

# Example WiFi connection file
# /etc/NetworkManager/system-connections/MyWifi.nmconnection
# The file holds the WiFi passphrase in cleartext (psk= below), so it must be
# owned by root and readable by root only; NetworkManager ignores keyfiles
# that other users can read or write.
[connection]
id=MyWifi
type=wifi
# Joins this network automatically whenever it is in range.
autoconnect=true

[wifi]
ssid=NetworkName
mode=infrastructure

[wifi-security]
key-mgmt=wpa-psk
# Cleartext secret: do not paste this file into bug reports or commit it to a
# dotfiles repository without removing this line.
psk=password

[ipv4]
method=auto

[ipv6]
method=auto

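# Permissions
# Keyfiles contain secrets (WiFi PSK, VPN credentials) in cleartext.
# NetworkManager only loads keyfiles that are owned by root and not
# accessible to other users, so set both owner and mode.
sudo chown root:root /etc/NetworkManager/system-connections/*
sudo chmod 600 /etc/NetworkManager/system-connections/*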

iwd (Intel Wireless Daemon)

Why iwd?

  • Faster connection times

  • Lower memory usage

  • Modern codebase

  • Can replace wpa_supplicant

Installation

# Install iwd
sudo pacman -S iwd

# Enable
sudo systemctl enable --now iwd

Standalone iwd

# Enter iwctl
iwctl

# In iwctl shell
device list
station wlan0 scan
station wlan0 get-networks
station wlan0 connect "NetworkName"
exit

# One-liner
iwctl station wlan0 connect "NetworkName"

iwd Configuration

# /etc/iwd/main.conf
[General]
# iwd assigns addresses itself (built-in DHCP client). Leave this off when
# NetworkManager or systemd-networkd configures the interface, otherwise two
# services manage the same addresses.
EnableNetworkConfiguration=true
# Privacy: the MAC address is randomized once, when iwd starts or the adapter
# is detected. `network` uses a separate address per network instead, and
# `disabled` keeps the hardware address.
AddressRandomization=once

[Network]
EnableIPv6=true
# DNS servers learned by iwd are handed to systemd-resolved.
NameResolvingService=systemd

[Scan]
DisablePeriodicScan=false

iwd with NetworkManager

# /etc/NetworkManager/conf.d/wifi-backend.conf
[device]
wifi.backend=iwd

# Restart NetworkManager
sudo systemctl restart NetworkManager

# Benefits: Uses iwd for WiFi, NM for everything else

systemd-networkd

When to Use

  • Servers

  • Minimal systems

  • Containers

  • Static configurations

Basic Setup

# Enable
sudo systemctl enable --now systemd-networkd
sudo systemctl enable --now systemd-resolved

# Link resolv.conf
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Wired DHCP

# /etc/systemd/network/20-wired.network
[Match]
Name=enp*

[Network]
DHCP=yes

Wired Static

# /etc/systemd/network/20-wired.network
[Match]
Name=enp0s31f6

[Network]
Address=192.168.1.100/24
Gateway=192.168.1.1
DNS=8.8.8.8
DNS=8.8.4.4

Wireless with iwd

# /etc/systemd/network/25-wireless.network
[Match]
Name=wlan0

[Network]
DHCP=yes
IgnoreCarrierLoss=3s

Apply Changes

# Reload configuration
sudo networkctl reload

# Restart
sudo systemctl restart systemd-networkd

# Check status
networkctl status
networkctl list

VPN Configuration

WireGuard

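# Install
sudo pacman -S wireguard-tools

# Create keys
# Run in a subshell with umask 077 so that privatekey is created readable by
# its owner only. With the usual default umask the file would be
# world-readable, and anyone who can read it can impersonate this peer.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)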

# Configuration
# /etc/wireguard/wg0.conf
# This file contains the private key: keep it owned by root with mode 600
# (sudo chmod 600 /etc/wireguard/wg0.conf). wg-quick warns when the file is
# accessible to other users.
[Interface]
# Contents of the privatekey file. Never share it; only the public key goes
# to the server.
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = vpn.example.com:51820
# 0.0.0.0/0 sends all IPv4 traffic through the tunnel, but IPv6 is not
# covered: on a dual-stack network IPv6 traffic bypasses the VPN. Either add
# ::/0 (with an IPv6 tunnel address, if the server supports it) or make sure
# IPv6 is handled some other way.
AllowedIPs = 0.0.0.0/0
# Sends a keepalive every 25 seconds so NAT mappings stay open.
PersistentKeepalive = 25

# Start/stop
sudo wg-quick up wg0
sudo wg-quick down wg0

# Enable at boot
sudo systemctl enable wg-quick@wg0

# Check status
sudo wg show

OpenVPN

# Install
sudo pacman -S openvpn

# Import with NetworkManager
# (the openvpn import type is provided by the networkmanager-openvpn plugin)
sudo nmcli connection import type openvpn file config.ovpn

# Or manually
# openvpn runs as root here. Read a .ovpn file obtained from a third party
# before using it, in particular any script-security, up and down
# directives, which make openvpn execute commands.
sudo openvpn --config /path/to/config.ovpn

# Enable service
# openvpn-client@config reads /etc/openvpn/client/config.conf; keep that file
# and any credential files it references readable by root only.
sudo systemctl enable openvpn-client@config

NetworkManager VPN Plugins

# OpenVPN
sudo pacman -S networkmanager-openvpn

# WireGuard (native in NM 1.16+)
# No additional package needed

# L2TP/IPsec
sudo pacman -S networkmanager-l2tp

# OpenConnect (Cisco)
sudo pacman -S networkmanager-openconnect

Firewall

UFW (Uncomplicated Firewall)

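# Install
sudo pacman -S ufw

# Basic setup
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH before enabling the firewall so a remote session is not cut off
# by the default-deny policy. `sudo ufw limit ssh` can be used instead to
# rate-limit repeated connection attempts from one address.
sudo ufw allow ssh
sudo ufw enable
# On Arch the rules are loaded at boot by ufw.service; without enabling the
# unit the firewall is not restored after a reboot.
sudo systemctl enable --now ufw

# Allow ports
# Only open ports for services that are actually meant to be reachable.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Status
sudo ufw status verbose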

firewalld

# Install
sudo pacman -S firewalld

# Enable
# Run only one firewall front end at a time (firewalld or ufw, not both);
# two managers rewriting the same rules give unpredictable results.
sudo systemctl enable --now firewalld

# Basic commands
firewall-cmd --state
firewall-cmd --get-active-zones
# Shows what the default zone currently allows; review it after every change.
firewall-cmd --list-all

# Allow service
# --permanent writes to the saved configuration only; --reload loads it into
# the running firewall. With no --zone given, the default zone is changed.
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

# Allow port
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

nftables

# Install
sudo pacman -S nftables

# Enable
sudo systemctl enable --now nftables

# Basic ruleset
# /etc/nftables.conf
# Check the file for errors before loading it: sudo nft -c -f /etc/nftables.conf
# On a machine reached over SSH, a mistake in a default-drop ruleset locks
# you out, so keep a second session open while testing.
# NOTE(review): there is no `flush ruleset` line, so loading this file on top
# of an already loaded ruleset adds to it instead of replacing it.
table inet filter {
    chain input {
        # inet covers IPv4 and IPv6; anything not accepted below is dropped.
        type filter hook input priority 0; policy drop;
        # Replies to connections this host opened.
        ct state established,related accept
        iif lo accept
        # NOTE(review): no ICMP/ICMPv6 rule is present. With policy drop, IPv6
        # neighbour discovery is dropped as well, which breaks IPv6
        # connectivity; if IPv6 is in use add `meta l4proto ipv6-icmp accept`
        # (and `ip protocol icmp accept` if IPv4 ping should work).
        tcp dport ssh accept
    }
    chain forward {
        # This host does not route traffic for others.
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        # Outbound traffic is unrestricted.
        type filter hook output priority 0; policy accept;
    }
}

DNS Resolution

systemd-resolved

# Enable
sudo systemctl enable --now systemd-resolved

# Link resolv.conf
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

# Check status
resolvectl status

# Flush cache
resolvectl flush-caches

Custom DNS Servers

# /etc/systemd/resolved.conf
[Resolve]
# With IP-only entries the server certificate is checked against the IP
# address. The address#server_name form (e.g. 1.1.1.1#cloudflare-dns.com)
# validates the certificate against that name instead.
DNS=1.1.1.1 1.0.0.1
# Used only when no other DNS server is known.
FallbackDNS=8.8.8.8 8.8.4.4
# yes = strict: lookups fail if the server does not offer DNS-over-TLS.
# `opportunistic` falls back to unencrypted DNS, so an attacker on the
# network path can force a downgrade.
DNSOverTLS=yes

# Restart
sudo systemctl restart systemd-resolved

DNS over TLS

# /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com
DNSOverTLS=yes

# Restart and verify
sudo systemctl restart systemd-resolved
resolvectl status

Hostname and mDNS

Hostname

# Set hostname
sudo hostnamectl set-hostname archbox

# /etc/hosts
127.0.0.1   localhost
::1         localhost
127.0.1.1   archbox.localdomain archbox

Avahi (mDNS)

# Install
sudo pacman -S avahi nss-mdns

# Enable
# Avahi announces this host's name and any published services to everyone on
# the local network segment (multicast UDP port 5353). Consider leaving it
# disabled on untrusted networks. With a default-deny inbound firewall,
# UDP 5353 has to be allowed for other hosts to resolve archbox.local.
sudo systemctl enable --now avahi-daemon

# Configure NSS
# /etc/nsswitch.conf
# mdns_minimal answers .local names via mDNS; [NOTFOUND=return] stops the
# lookup there, so an unknown .local name is not passed on to the DNS servers.
hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files dns

# Now accessible as archbox.local
ping archbox.local

Network Troubleshooting

Check Connectivity

# Interface status
ip link show
nmcli device status

# IP address
ip addr show
hostname -I

# Routes
ip route show
nmcli dev show | grep ROUTE

# DNS
cat /etc/resolv.conf
resolvectl status
dig archlinux.org

# Test connectivity
ping -c 3 192.168.1.1    # Gateway
ping -c 3 8.8.8.8        # Internet
ping -c 3 archlinux.org  # DNS resolution

WiFi Issues

# Check if interface exists
ip link show wlan0

# Check if blocked
rfkill list

# Unblock
sudo rfkill unblock wifi

# Scan for networks
nmcli device wifi rescan
nmcli device wifi list

# Check driver
lspci -k | grep -A 3 Network
dmesg | grep -i wifi

NetworkManager Logs

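# Recent logs
journalctl -u NetworkManager -b

# Follow live
journalctl -u NetworkManager -f

# Debug level
# Runtime change only; it lasts until NetworkManager restarts or the level is
# set again.
sudo nmcli general logging level DEBUG domains ALL

# Restore the normal level when done. Debug output is very verbose and may
# record details of connections and networks in the journal; review logs
# before sharing them.
sudo nmcli general logging level INFO domains DEFAULT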

Restart Network

# NetworkManager
sudo systemctl restart NetworkManager

# Specific interface
nmcli device disconnect wlan0
nmcli device connect wlan0

# Complete reset
sudo systemctl stop NetworkManager
sudo ip link set wlan0 down
sudo ip link set wlan0 up
sudo systemctl start NetworkManager

Quick Reference

# NetworkManager
nmcli device wifi list                    # List WiFi
nmcli device wifi connect "SSID"          # Connect
nmcli connection show                     # List connections
nmcli connection up/down NAME             # Toggle connection
nmcli device status                       # Device status

# iwd
iwctl                                     # Interactive mode
iwctl station wlan0 connect "SSID"        # Connect

# systemd-networkd
networkctl status                         # Status
networkctl reload                         # Reload config

# WireGuard
wg-quick up/down wg0                      # Toggle VPN
wg show                                   # Status

# Firewall
ufw status                                # UFW status
firewall-cmd --list-all                   # firewalld status

# DNS
resolvectl status                         # DNS status
resolvectl flush-caches                   # Flush DNS

# Troubleshooting
ip addr / ip route / ip link              # Network info
ping / traceroute / dig                   # Connectivity tests
journalctl -u NetworkManager              # Logs