A software firewall (like iptables) will not stop a DDoS attack. It helps against simple single-IP, low-bandwidth DoS attacks, but not against a real attack. Any attack that exceeds your port speed simply has to be null-routed somewhere higher up the chain, since it will be maxing out your port anyhow.
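The distinction above, applied to per-source byte counts from one measurement window, as an added example that is not part of the original text. The function name `triage`, both thresholds and all sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

def triage(flows, window_s, port_bps, saturation=0.9, dominant=0.8):
    """Classify inbound traffic seen on the host during one window.

    flows: iterable of (source_ip, bytes_received) records.
    saturation and dominant are assumed thresholds, not standard values.
    Returns (verdict, inbound_bps, top_source).
    """
    per_src = Counter()
    for src, nbytes in flows:
        per_src[src] += nbytes
    if not per_src:
        return ("idle", 0.0, None)
    total_bytes = sum(per_src.values())
    inbound_bps = total_bytes * 8 / window_s
    top_src, top_bytes = per_src.most_common(1)[0]
    # The host can never measure more than its port speed, so a reading
    # near line rate means the link is already full before iptables runs.
    if inbound_bps >= saturation * port_bps:
        return ("upstream_nullroute", inbound_bps, top_src)
    # One source carrying most of a sub-line-rate flood: a local drop
    # rule for that address is enough.
    if top_bytes / total_bytes >= dominant:
        return ("host_filter", inbound_bps, top_src)
    # Many sources, none dominant: per-IP rules on the host do not scale.
    return ("distributed", inbound_bps, top_src)

# Constructed samples: 10-second windows on a 1 Gbit/s port.
PORT_BPS = 1_000_000_000
SINGLE_SOURCE = [("203.0.113.7", 50_000_000),
                 ("192.0.2.10", 2_000_000),
                 ("192.0.2.11", 1_000_000)]
VOLUMETRIC = [(f"10.0.{i // 250}.{i % 250}", 1_200_000) for i in range(1000)]
SPREAD_OUT = [(f"10.1.0.{i}", 1_000_000) for i in range(200)]

if __name__ == "__main__":
    for name, sample in [("single source", SINGLE_SOURCE),
                         ("volumetric", VOLUMETRIC),
                         ("spread out", SPREAD_OUT)]:
        verdict, bps, top = triage(sample, 10, PORT_BPS)
        print(f"{name}: {verdict} at {bps / 1e6:.1f} Mbit/s (top source {top})")
```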