[kainosnoema]

Unfortunately, iptables can't protect against all forms of DDOS attacks. Even just getting flooded by packets being routed to a particular IP can cause a datacenter's network to be affected. Something like CloudFlare Warp is the only way to truly prevent packets from being routed to your servers in the first place (I don't work for CloudFlare).

[toast0]

If it's not known where your servers are (because you got new IPs in a new hosting facility and never allowed them to communicate with the outside world directly), it's true that a packet flood would affect you, but it you would be awful hard to target.