Comment 1 for bug 1706285

The iptables defer_apply() code is a little better in that it catches the exception in defer_apply_off() and raises a consistent value.

But I think we need to always make the filter_defer_apply_off() call so that things like self._defer_apply are correctly set to False, else we could get in a state where the agent can't apply anything, right? Maybe a patch with your proposed change would be a better place to discuss?