New option to use and configure Prosody mod_firewall WIP (#97):

* new setting
* new configuration screen for Peertube admins
* include the mod_firewall module
* load mod_firewall if enabled
* sys admin can disable the firewall config editing by creating a
  special file on the disk
* user documentation

prosody-modules/mod_firewall/scripts/jabberspam-simple-blocklist.pfw

@@ -0,0 +1,17 @@
+# This is a simple ruleset to block all traffic from servers
+# on the JabberSPAM blocklist. Even traffic from existing user
+# contacts will be blocked.
+#
+# Example config (make sure "firewall" is in modules_enabled):
+#
+#   firewall_scripts = { "module:scripts/jabberspam-simple-blocklist.pfw" }
+#
+# For a more advanced ruleset, consider using spam-blocking.pfw
+# and spam-blocklists.pfw.
+
+%LIST blocklist: https://cdn.jsdelivr.net/gh/jabberspam/blacklist/blacklist.txt
+
+::deliver
+
+CHECK LIST: blocklist contains $<@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)

prosody-modules/mod_firewall/scripts/spam-blocking.pfw

@@ -0,0 +1,182 @@
+#### Anti-spam ruleset ###########################################
+#
+# This script provides some foundational anti-spam rules. It aims
+# to PASS stanzas that are definitely not spam, and DROP stanzas
+# that are very likely spam.
+#
+# It does not do any form of content filtering,
+# but this can be implemented by other scripts and
+# modules as desired using the chains documented below.
+#
+#
+# The following chains are available as extension
+# points:
+#
+# ::user/spam_check_custom
+#   Apply additional rules to all stanzas before they are checked.
+#   Mainly useful to PASS stanzas that you do not want to be
+#   filtered.
+#
+# ::user/spam_check_message_custom
+#   Apply additional rules to messages from strangers, aiming to
+#   PASS stanzas that are not spam and jump to ::user/spam_reject
+#   for stanzas that are considered spam.
+#
+# ::user/spam_check_message_content_custom
+#   Apply additional rules to messages that may be spam, based on
+#   message content rules. These may contain more intensive rules,
+#   so are executed after all other checks. Rules should jump to
+#   ::user/spam_reject if a message is considered spam.
+#
+# ::user/spam_check_presence_custom
+#   Apply additional rules to presence that may be spam.
+#
+# ::user/spam_check_subscription_request_custom
+#   Apply additional rules to subscription requests.
+#
+# ::user/spam_handle_unknown_custom
+#   Override default handling of stanzas that weren't explicitly
+#   passed or rejected by the anti-spam checks.
+#
+# ::user/spam_reject_custom
+#   Override default handling of stanzas that have
+#   been recognised as spam (default is to bounce
+#   a policy-violation error). 
+#
+##################################################################
+
+#### Entry point for all incoming stanzas ########################
+::deliver
+
+# Override this if you want to prevent certain stanzas going through
+# the normal spam_check chain
+JUMP_CHAIN=user/spam_check_custom
+
+# Run the default spam_check chain
+JUMP_CHAIN=user/spam_check
+
+##################################################################
+
+#### General spam-checking rules (all stanzas) ###################
+::user/spam_check
+
+# Pass stanzas that a user sends to their own account
+TO SELF?
+PASS.
+
+# Pass stanzas that are addressed to a valid full JID
+TO FULL JID?
+PASS.
+
+# Pass stanzas from contacts
+SUBSCRIBED?
+PASS.
+
+# Run extra rules that apply to messages only
+KIND: message
+JUMP CHAIN=user/spam_check_message
+
+# Run extra rules that apply to presence stanzas only
+KIND: presence
+JUMP CHAIN=user/spam_check_presence
+
+JUMP CHAIN=user/spam_handle_unknown
+
+# Default is to allow, override this with
+# the 'user/spam_handle_unknown' chain
+PASS.
+
+#### Rules for messages ##########################################
+::user/spam_check_message
+
+JUMP CHAIN=user/spam_check_message_custom
+
+# Type 'groupchat' messages addressed to an offline full JID are harmless,
+# and should be routed normally to handle MUC 'ghosts' correctly
+TO: <*>@<*>/<*>
+TYPE: groupchat
+PASS.
+
+# Mediated MUC invitations are naturally from 'strangers' and have special
+# handling. We lean towards accepting them, unless overridden by custom rules.
+NOT FROM FULL JID?
+INSPECT: {http://jabber.org/protocol/muc#user}x/invite
+JUMP CHAIN=user/spam_check_muc_invite
+
+# Non-chat message types often generate pop-ups in clients,
+# so we won't accept them from strangers
+NOT TYPE: chat
+JUMP CHAIN=user/spam_reject
+
+JUMP CHAIN=user/spam_check_message_content
+
+# This chain can be used by other scripts
+# and modules that analyze message content
+JUMP CHAIN=user/spam_check_message_content_custom
+
+##################################################################
+
+#### Rules for presence stanzas ##################################
+::user/spam_check_presence
+
+JUMP CHAIN=user/spam_check_presence_custom
+
+# Presence to offline full JIDs is harmless, and should be routed
+# normally to handle MUC 'ghosts' correctly
+TO: <*>@<*>/<*>
+PASS.
+
+# These may be received if rosters get out of sync and are harmless
+# because they will not be routed to the client unless necessary
+TYPE: unsubscribe|unsubscribed
+PASS.
+
+# We don't want to receive presence from random strangers,
+# but still allow subscription requests
+NOT TYPE: subscribe|subscribed
+DROP.
+
+# This chain can be used by other scripts
+# and modules to filter subscription requests
+JUMP CHAIN=user/spam_check_subscription_request
+
+JUMP CHAIN=user/spam_check_subscription_request_custom
+
+##################################################################
+
+#### Rules for MUC invitations ###################################
+
+::user/spam_check_muc_invite
+
+# This chain can be used to inspect the invitation and determine
+# the appropriate action. Otherwise, we proceed with the default
+# action below.
+JUMP CHAIN=user/spam_check_muc_invite_custom
+
+# Allow mediated MUC invitations by default
+PASS.
+
+#### Stanzas reaching this chain will be rejected ################
+::user/spam_reject
+
+# This chain can be used by other scripts
+# and modules to override the default behaviour
+# when rejecting spam stanzas
+JUMP CHAIN=user/spam_reject_custom
+
+LOG=Rejecting suspected spam: $(stanza:top_tag())
+BOUNCE=policy-violation
+
+##################################################################
+
+#### Stanzas that may be spam, but we're not sure either way #####
+::user/spam_handle_unknown
+
+# This chain can be used by other scripts
+# and modules to apply additional checks, or to
+# override the default behaviour
+JUMP CHAIN=user/spam_handle_unknown_custom
+
+#LOG=[debug] Spam check allowing: $(stanza:top_tag())
+
+##################################################################

prosody-modules/mod_firewall/scripts/spam-blocklists.pfw

@@ -0,0 +1,20 @@
+# This script depends on spam-blocking.pfw also being loaded
+# Any traffic that is not explicitly blocked or allowed by other
+# rules will be checked against the JabberSPAM server blocklist
+
+%LIST blocklist: https://cdn.jsdelivr.net/gh/jabberspam/blacklist/blacklist.txt
+
+::user/spam_handle_unknown_custom
+
+CHECK LIST: blocklist contains $<@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)
+
+::user/spam_check_muc_invite_custom
+
+# Check the server we received the invitation from
+CHECK LIST: blocklist contains $<@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)
+
+# Check the inviter's JID against the blocklist, too
+CHECK LIST: blocklist contains $<{http://jabber.org/protocol/muc#user}x/invite@from|host>
+BOUNCE=policy-violation (Your server is blocked due to spam)

prosody-modules/mod_firewall/scripts/spam-strip-xhtml.pfw

@@ -0,0 +1,5 @@
+# Strip XHTML-IM from messages received from strangers
+
+::user/spam_check_message_custom
+
+STRIP=html http://jabber.org/protocol/xhtml-im