qubes-firewall: Suppress extraneous conntrack output

conntrack generally prints a status message to stderr before exiting,
which interferes with listing connections. Output from dropping
connections was unused.

Fixes QubesOS/qubes-issues#9760

Author: coyotebush

qubesagent/firewall.py

@@ -183,16 +183,16 @@ def list_targets(self):
     def conntrack_drop(self, src, con):
         subprocess.run(['conntrack', '-D', '--src', src, '--dst', con[1],
                         '--proto', con[0], '--dport', con[2]],
-                       stdout=subprocess.PIPE,
-                       stderr=subprocess.STDOUT)
+                       stdout=subprocess.DEVNULL,
+                       stderr=subprocess.DEVNULL)
 
     def conntrack_get_connections(self, family, source):
         connections = set()
 
         with subprocess.Popen(['conntrack', '-L',
                                '--family', f'ipv{family}', '--src', source],
                              stdout=subprocess.PIPE,
-                             stderr=subprocess.STDOUT) as p:
+                             stderr=subprocess.DEVNULL) as p:
             while True:
                 line = p.stdout.readline()
                 if not line: