The bridge mode for AT&T's fiber plans is notoriously shitty at just being a dumb bridge... but it does at least pass the IP through so you can port forward like a normal person would (the built-in port forward is so ass backwards). My connection became significantly better (marginally better in max throughput, significantly better in connections/s, QoS, and jitter) when I went from "bridge" mode to replacing the ONT with an unofficial device with a "real" bridge config.
The other thing you can run into is that, even in bridge mode, there is a relatively low session limit. The exact number depends on the model you get, but some were as low as 4,000 (which sounds like a lot until you start loading background apps on devices and connecting to webpages, which are actually dozens of connections each in many cases). The newer boxes aren't as bad... but it was still worthwhile for the effort.
Terms of service, probably. Never bothered to read it; I'm sure I break their terms of service 6 ways to Sunday. At the same time, I've been doing this type of bypass with AT&T for years and never heard of anyone getting blocked for it either. I'm sure someone somewhere has, though, but I suspect they are much more interested in those abusing their connection or causing legal troubles than someone paying but silently using a different modem.
I just got AT&T fiber installed and the gateway has 8192 conntrack slots. Two Steam clients scanning for Counter-Strike 2 servers at the same time can chew through that many connections.
I joined the 8311 Discord and will be doing a full bypass as soon as feasible.