ddos deflate may save your server, but not your network.
And yes, we can protect ourselves from fools on our own, but from smart people you need a smart (professional) defender.

start by configuring fail2ban.

I recommend using csf as a base server protection .
It is easy to install and configure (there is a built-in web interface and a module for webmin), monitors both network things (port scans, for example) and all kinds of logs (including overriding all fail2ban functionality) for brute force of such things.
It is necessary to protect yourself from DDoS according to the situation, because he is different. There is no automatic protection. More precisely, there is something similar to this, but for a lot of money (for example, Radware DefensePro solutions, Arbor Pravail / PeakFlow and others like that) and still requires constant monitoring and adjustment to maintain effectiveness. Or connect to a service like Qrator/Kaspersky/Akamai/Cloudflare/etc. (paid cloudflare plans have ddos ​​protection options, as well as a WAF service).
But since such a question has arisen at all, I strongly recommend hiring a professional who will do / adjust / maintain these things for you.

Did the admin leave you? Otherwise, I don't understand how you managed to install gentoo there :)