@erick51 You can. But it takes experience and knowledge.
And you need hardware with dual Xeon proc. to cope.
in the mean time you could try and find the differences between the DDOS packets & the good packets by doing packet captures (& analyzing them in wireshark)
@coldfix if you’re looking for control plane protection (or policing) a different brand of FW would be needed as PFsense does not have any mitigation for that.