I recently switched to using a Draytek Vigor router in modem-mode or “full-bride”-mode for PfSense. The setup was extremely simple, everything worked right away. Plus, the speeds were pretty much exactly what my DSL plan promises.
However, I noticed something odd when checking the firewall logs in PfSense: Some device was broadcasting something via UDP on port 4944 every ten seconds. The traffic was getting blocked by the default deny rule, but I still wanted to turn the broadcast off if I could.
Since I had just added the Vigor, I immediately suspected that it was the culprit filling up the logs. A quick online search told me that it was indeed the Vigor broadcasting it’s DSL status.
Is there a Draytek VDSL2 modem involved somewhere? Apparently UDP port 4944 is where Draytek modems broadcast their DSL stats to (this can be used by some Draytek routers to display the DSL stats of the separate modem). [Source]
So, I dug through the Vigor’s settings looking for anything “broadcast” or “dsl status”. I finally found a setting under System Maintenance > Management called “Broadcast DSL status to router in LAN”.
Once disabled, the firewall logs did indeed not show any more entries like the above-mentioned — great!