The first 'D' of DDoS means distributed.
Which means it is very broad. If you unplug yourself from the internet, yes, you can block them...
Also, blackholing them like this won't be useful. Since the attack is coming from multiple zombie clients (hundreds of thousands) and the current internet structure is using IPv4 with CGNAT, you would block tens of millions of legitimate users at the expense of a small percentage.
Edit: Also, even though you blackhole them within your iptables, packets are still coming to you (routed) and filling up the bandwidth whether you like it or not.
And you pay your peers according to the bandwidth you use (e.g. bytes in and out per month).
So, a proper solution is to use a globally distributed system to broadcast specific routes so the attack gets stopped even before it reaches you (e.g. through their own ISP's route table blackholing your routes). But that means legit users from that ISP won't be able to access your network at all...
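The trade-off the comment above describes (an iptables DROP still burns the bandwidth you pay for, while an upstream blackhole saves the bandwidth but also discards legitimate users behind the same ISP or CGNAT address) is easy to see in a small model. The following is an added example, not code from the original comment or any project; it simulates where a packet is discarded and what that costs. The remotely-triggered blackhole (RTBH) part follows RFC 7999: the victim announces the attacked /32 tagged with the well-known BLACKHOLE community 65535:666 and the upstream drops traffic to it before it crosses the victim's transit link. The upstream names, addresses, packet sizes, the victim's allocation and the CGNAT subscriber count are all constructed for the illustration.

```python
"""Where a DDoS packet gets dropped decides who pays for it and who gets cut off.

Added example (not part of the original comment). Three outcomes are modelled:
  * no mitigation
  * iptables-style DROP on the victim host: the packet has already crossed
    the victim's transit link, so it still counts against the bandwidth bill
  * remotely-triggered blackhole (RTBH): the victim announces the attacked
    /32 tagged with the BLACKHOLE community 65535:666 (RFC 7999) and the
    upstream discards traffic to it before it reaches the victim's link,
    which also discards every legitimate user arriving via that upstream
All addresses, packet sizes, upstream names and user counts are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BLACKHOLE = "65535:666"                         # RFC 7999 BLACKHOLE community
VICTIM_ALLOCATION = ip_network("192.0.2.0/24")  # constructed: the victim's own block
# constructed: how many subscribers a CGNAT puts behind one public address
CGNAT_USERS = {"198.51.100.10": 5000}


@dataclass(frozen=True)
class Packet:
    src: str        # public source address as the victim sees it
    dst: str
    size: int       # bytes
    legit: bool     # ground truth, known only to the model
    upstream: str   # transit provider the packet arrives through


# constructed sample: two attack sources, one of them a CGNAT address that
# also carries a real user; a second legitimate user; and one packet to a
# neighbouring address in the victim's block that is not under attack
SAMPLE = [
    Packet("198.51.100.10", "192.0.2.10", 1200, False, "ISP-A"),
    Packet("198.51.100.10", "192.0.2.10", 1200, False, "ISP-A"),
    Packet("203.0.113.7",   "192.0.2.10", 1200, False, "ISP-B"),
    Packet("198.51.100.10", "192.0.2.10",  500, True,  "ISP-A"),
    Packet("203.0.113.50",  "192.0.2.10",  500, True,  "ISP-B"),
    Packet("203.0.113.50",  "192.0.2.11",  500, True,  "ISP-B"),
]


def edge_block(blocked_srcs):
    """The effect of `iptables -A INPUT -s <src> -j DROP`, as a decision function."""
    blocked = {ip_address(s) for s in blocked_srcs}
    return lambda pkt: ip_address(pkt.src) in blocked


def rtbh_announce(upstreams, prefix):
    """Build the RTBH table {upstream: [(network, community)]}.

    Upstreams only honour blackhole routes for space you are allowed to
    announce, so refuse anything outside VICTIM_ALLOCATION.
    """
    net = ip_network(prefix)
    if not net.subnet_of(VICTIM_ALLOCATION):
        raise ValueError(f"{prefix} is not inside {VICTIM_ALLOCATION}")
    return {u: [(net, BLACKHOLE)] for u in upstreams}


def dropped_upstream(pkt, rtbh):
    """True if the upstream this packet enters through blackholes its destination."""
    return any(ip_address(pkt.dst) in net and comm == BLACKHOLE
               for net, comm in rtbh.get(pkt.upstream, []))


def simulate(packets, edge_policy=None, rtbh=None):
    """Return billed bytes and who got through under the given mitigations."""
    stats = {"billed_bytes": 0, "attack_delivered": 0,
             "legit_delivered": 0, "legit_dropped": 0}
    for pkt in packets:
        if rtbh and dropped_upstream(pkt, rtbh):
            if pkt.legit:
                stats["legit_dropped"] += pkt.size
            continue                       # never reached our link: not billed
        stats["billed_bytes"] += pkt.size  # crossed the transit link: billed
        if edge_policy and edge_policy(pkt):
            if pkt.legit:
                stats["legit_dropped"] += pkt.size
            continue
        key = "legit_delivered" if pkt.legit else "attack_delivered"
        stats[key] += pkt.size
    return stats


def cgnat_collateral(blocked_srcs):
    """Subscribers cut off by a per-source block, given CGNAT address sharing."""
    return sum(CGNAT_USERS.get(s, 1) for s in blocked_srcs)


if __name__ == "__main__":
    attackers = ["198.51.100.10", "203.0.113.7"]
    print("none      ", simulate(SAMPLE))
    print("iptables  ", simulate(SAMPLE, edge_policy=edge_block(attackers)),
          "subscribers cut off:", cgnat_collateral(attackers))
    print("rtbh both ", simulate(SAMPLE, rtbh=rtbh_announce(["ISP-A", "ISP-B"], "192.0.2.10/32")))
    print("rtbh ISP-A", simulate(SAMPLE, rtbh=rtbh_announce(["ISP-A"], "192.0.2.10/32")))
```

Running it shows the point of the comment: the iptables case bills exactly the same bytes as no mitigation at all, and blocking the CGNAT source takes thousands of subscribers with it; the RTBH case bills only the traffic to the un-attacked neighbour address, but every legitimate user reaching the blackholed /32 through those upstreams is gone too. Announcing the blackhole to only one upstream limits the collateral damage at the cost of letting the other upstream's share of the attack through.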