Sebastian Pereira, 2014-09-13 23:35:41
iptables

DDoS protection?

Hello. While an agreement is being concluded with a company that will filter our traffic, there is a little time to figure out / learn how to suppress attacks. I have already banned unwanted countries, but then the bulk of the requests started coming from within the country where our main target audience is. I found this cure:
habrahabr.ru/post/204508
But since I'm not strong in *nix scripts, I can't figure it out. Help.
When I run the script, I get:
Bad argument 'DROP'
I began to pick through the script, and indeed, the following lines are written in iptables_ban.sh:

/sbin/iptables -I INPUT -p tcp --dport 80 -s  -j DROP
/sbin/iptables -I INPUT -p tcp --dport 80 -s  -j DROP
/sbin/iptables -I INPUT -p tcp --dport 80 -s  -j DROP

I.e., there are no IPs. In ddos.iplist there is information on IPs (I lowered the sampling threshold to 3 hits per IP, and there are definitely such), but iptables_ban.sh still does not get the IPs.
System: CentOS
PS The script worked; I also modified it a little.
Replaced
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > /tmp/ddos.iplist

with
tcpdump -v -n -c 5000 -w /tmp/ddos1.iplist dst port 80
tcpdump -nr /tmp/ddos1.iplist | awk '{print $3}' | grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' | sort | uniq -c | sort -rn > /tmp/ddos.iplist

A bigger capture window means correspondingly more garbage from zombie IPs. Then raise the threshold to 30-40 and that's it.
Thank you!
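The counting-and-banning procedure from the question, as an added example (not the script from the habrahabr article and not the questioner's own code). It reads the `<count> <ip>` lines that `sort | uniq -c` produces, takes the address from the second field (the value that has to reach `-s`; the empty `-s` in the lines quoted above is what produces "Bad argument 'DROP'"), and emits one DROP rule per address over the threshold. The sample list is constructed, and `THRESHOLD`, `IPTABLES` and `DRY_RUN` are names assumed here; the dry run is the default, so set `DRY_RUN=0` and `IPTABLES=/sbin/iptables` to apply rules for real.

```shell
#!/bin/sh
# Added example: generate iptables DROP rules from "count ip" lines.
# Not the script from the question or the linked article.

THRESHOLD="${THRESHOLD:-30}"          # hits per address before it is banned (assumed name)
IPTABLES="${IPTABLES:-/sbin/iptables}" # binary used when not in dry-run mode (assumed name)
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print what would be run (assumed name)

# Constructed sample of what /tmp/ddos.iplist looks like after `uniq -c | sort -rn`.
SAMPLE_IPLIST='     120 203.0.113.7
      45 198.51.100.2
       3 192.0.2.10
       1 198.51.100.9'

# ban_rules THRESHOLD  (reads "count ip" lines on stdin)
# Prints one rule specification per offending address, e.g.
#   INPUT -p tcp --dport 80 -s 203.0.113.7 -j DROP
# Only well-formed dotted quads are accepted, so a garbled line can never
# turn into "-s  -j DROP".
ban_rules() {
    awk -v thr="$1" '
        # $1 is the hit count, $2 the address produced by `uniq -c`
        $1 > thr && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print "INPUT -p tcp --dport 80 -s " $2 " -j DROP"
        }'
}

# apply_bans THRESHOLD  (reads "count ip" lines on stdin)
# Inserts each rule unless an identical one already exists (-C), so running
# this from cron does not pile up duplicate rules.
apply_bans() {
    ban_rules "$1" | while read -r rule; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "would run: $IPTABLES -I $rule"
        # shellcheck disable=SC2086  # word splitting of $rule is intended
        elif ! $IPTABLES -C $rule 2>/dev/null; then
            $IPTABLES -I $rule
        fi
    done
}

# Demo on the constructed list; in real use: ... < /tmp/ddos.iplist
printf '%s\n' "$SAMPLE_IPLIST" | apply_bans "$THRESHOLD"
```

With the sample above and the default threshold of 30, only 203.0.113.7 and 198.51.100.2 are banned; the two low-count addresses fall through. Because `-I` inserts at the top of INPUT, the DROP rules take effect before any ACCEPT rule already present in the chain.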


3 answer(s)
Power, 2014-09-14
@uJlJluduAH

Is this line in your script exactly like this?
Especially check the quotes and the presence of $2

Puma Thailand, 2014-09-14
@opium

If you have CentOS 6, then this script definitely works. Since no IPs get added for you, it's logical that the file with them is not loaded, and if it is not loaded, then most likely the script does not have the rights to create it.
I protect all my clients from ddos, if you don’t figure it out yourself, please contact me.

Sergey Petrikov, 2014-09-14
@RicoX

I don't see protection against a banal SYN flood from spoofed random addresses in the script; attackers usually start with that attack, as it is the least hassle to organize and safe for the attacker.
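An added check for the point made in this answer (not code from the answer or from the questioner's script): when SYN packets carry spoofed random sources there is no real address to count and ban, so the host has to survive the half-open connections itself. The kernel keys used here (`tcp_syncookies`, `tcp_max_syn_backlog`, `tcp_synack_retries`) exist on Linux kernels of the CentOS 6 era; the sysctl root is a parameter so the report can be run against a constructed tree, and the values in the sysctl fragment are assumptions to be tuned per host.

```shell
#!/bin/sh
# Added example: inspect the kernel-side SYN flood settings the banning script
# does not cover. Not part of the question or any answer.

# syncookies_state [SYSCTL_ROOT]
# Prints "enabled", "disabled" or "missing"; exit status 0 only when enabled.
# tcp_syncookies: 0 = off, 1 = on when the SYN backlog overflows, 2 = always on.
syncookies_state() {
    root="${1:-/proc/sys}"
    f="$root/net/ipv4/tcp_syncookies"
    if [ ! -r "$f" ]; then
        echo missing
        return 2
    fi
    case "$(cat "$f")" in
        1|2) echo enabled;  return 0 ;;
        *)   echo disabled; return 1 ;;
    esac
}

# syn_flood_settings [SYSCTL_ROOT]
# One "key=value" line per relevant key, "missing" when the file is absent.
syn_flood_settings() {
    root="${1:-/proc/sys}"
    for key in tcp_syncookies tcp_max_syn_backlog tcp_synack_retries; do
        f="$root/net/ipv4/$key"
        if [ -r "$f" ]; then
            printf 'net.ipv4.%s=%s\n' "$key" "$(cat "$f")"
        else
            printf 'net.ipv4.%s=missing\n' "$key"
        fi
    done
}

# syn_flood_sysctl
# Fragment for /etc/sysctl.d/ (or /etc/sysctl.conf on CentOS 6); the backlog
# and retry values are assumed starting points, not measured recommendations.
syn_flood_sysctl() {
    cat <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
EOF
}

# Stand-alone run: report the live host.
echo "syncookies: $(syncookies_state)"
syn_flood_settings
```

Run it before the filtering contract kicks in: a "disabled" or "missing" line means the bulk of a spoofed SYN flood is being absorbed only by the backlog, and the counting script from the question will never see those sources as repeat offenders because each SYN comes from a different fake address.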
