@whateveryes: First of all, many people don't understand what DDoS is. Unfortunately, including you.
DDoS = Distributed Denial of Service (attack)
Initially, the way it 'works' is to flood a service with so many requests that it cannot process them and starts dropping/denying most requests, basically making it useless to the end user.
DDoS is *not* a simple flood attack!
While it may generate extra network traffic, a DDoS attack is *not* just a TCP flood attack.
It relies on the server hosting the service being overflooded, not the network itself.
Firewalls will *not* help you at all with DDoS.
DDoS attacks are exactly that - *distributed* attacks, which means you receive an attack from several (thousands of) sources.
There are no rules possible in a firewall to prevent that.
What can help you are IPS systems, which can detect anomalies in TCP traffic and block those attacks.
With DDoS you will *not* be able to easily detect the source - as the source is hundreds/thousands of IP addresses.
What most people see in many cases here is not DDoS, but a simple DoS attack, originating from one IP address... who tries to do... something stupid.