you can try CSF , works great for me:
and you can try something like this:
# Block every IP with 400 connections or more
CT_LIMIT = "400"
# Connection Tracking interval. Set this to the the number of seconds between
# connection tracking scans
CT_INTERVAL = "30"
# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = "1"
# If you want to make IP blocks permanent then set this to 1, otherwise blocks
# will be temporary and will be cleared after CT_BLOCK_TIME seconds
CT_PERMANENT = "0"
# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)
CT_BLOCK_TIME = "1800"
Another option is try cloudflare, in this way the ddos will be filtered by cloudflare :