Blocking an entire country won't do much... if the attack is larger than your uplink speed, you can block it with iptables or whatever all you want. It won't have any effect. ISPs that specifically offer DDoS protection have specialized (and very expensive) DDoS mitigation appliances that filter out the traffic before it even hits the box.