You can do that, but modern kernels detect DDoS attacks and stop responding.
When a DDoS starts on your system, there isn’t much you can do other than wait for it to stop.
However, I have not seen many of those attacks on NTP servers, as countermeasures were taken some time ago.
Needless to say, this might not be the case if your server is some VPS, outside your home (unless you only log in to it via a remote console session or so).
The NOTRACK-part of the iptables is good. From what I can tell, the configuration makes sense (disclaimer: I only briefly went over it).
Did you check your running servers with ‘netstat -l’?
I would remove all unwanted services in any case, as they use CPU-power for nothing.
Also, remote desktops etc. are a waste of CPU cycles; SSH is a far better way of accessing a Linux black box.
SSH defaults to MaxAuthTries 6, after which it starts to make further attempts difficult.
Typical machines are not hacked via SSH but rather via poorly programmed PHP scripts running on HTTP servers.
Or systems that leave config-scripts in place. People that use simplistic and/or default passwords.
Script-kiddies will try, but fail2ban solves that.
As said before, I do not use manually written iptables at all. I would rather stop all unwanted services from running.
I do not trust firewalls for my defense, they are an add-on but not the first step.
E.g. if your system is running Apache-http server and they manage to install a terminal-program via http-injection, they are half way into your system and your firewall has no clue if port 80 is allowed.
I did, many times. For me Ubuntu is a no-go on servers, that is all Debian.
Desktop, Mint, also no-Ubuntu as it’s not stable in upgrades and changes/breaks things all the time.
Mint is Ubuntu too but doesn’t use Snap, and they have a good reason for that, Snap makes the programs as blunted as Windows does.
Also, it makes it use far more CPU cycles than needed.
As long as you stay inside the box there are no issues, but try outside the box and Ubuntu breaks rules all the time.
For me it’s Debian on servers and Mint-Mate on desktops… no Snap, and it works well, even outside the box.