bridge interface down, yet still bridging?

[david robertson]

I've got an issue that only crops up every so often (every few  
months), and it's theoretically impossible.

I've got two FreeBSD 6.2 firewalls in a failover state, using bridging  
(I don't control .1, and don't have a choice).  I use ifstated and  
carp to monitor which one is master, and which is slave.  The slave  
has the bridge0 interface down, and the master has it up.

On to the issue:

Last night the problem came back, the network looped via the bridges,  
even though the bridge interface on the backup failover was in a  
'down' state.

The loop was verified by our hosting company, the two uplink ports  
that the firewalls are in were doing the exact same amount of traffic  
inbound and outbound - definately a loop.  As soon as they disabled  
one of the firewall ports, everything went back to normal.  At this  
point, I verified the bridge interface was infact down on the failover  
firewall.  Hosting company turned back on the port, and blam - loop.

Has anyone ever come across this specific issue before?