Below are some kernel values that can mitigate DDoS attacks and SYN floods to a large extent. You can add these values to the /etc/sysctl.conf file or use "sysctl -w" to apply the changes online.
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv=45

sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=332000

sysctl -w net.ipv4.tcp_fin_timeout=15

sysctl -w net.ipv4.tcp_synack_retries=5

sysctl -w net.ipv4.tcp_keepalive_time=1500

sysctl -w net.ipv4.tcp_sack=0

sysctl -w net.ipv4.tcp_max_tw_buckets=1440000

sysctl -w net.ipv4.tcp_max_syn_backlog=2048

sysctl -w net.ipv4.tcp_max_syn_backlog=4096

sysctl -w net.ipv4.tcp_fin_timeout=20

sysctl -w net.ipv4.tcp_keepalive_time=1800

sysctl -w net.ipv4.tcp_keepalive_intvl=40

sysctl -w net.ipv4.tcp_tw_recycle=1

sysctl -w net.ipv4.tcp_tw_reuse=1

sysctl -w net.ipv4.inet_peer_gc_maxtime=240

sysctl -w net.ipv4.inet_peer_maxttl=500

sysctl -w net.ipv4.inet_peer_minttl=80
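
An added example, not part of the original post: run in sequence, the commands above set some keys more than once, so only the last value takes effect, and some keys are absent on certain kernels (tcp_tw_recycle, for instance, was removed in Linux 4.12). The script collapses the list to its effective values and prints an /etc/sysctl.conf fragment in that file's "key = value" form, commenting out keys the running kernel lacks; the function names and the optional root-directory argument are assumptions made for this example.

```sh
#!/bin/sh
# The page's settings in page order, exact repeats omitted.
PAGE_SETTINGS='net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv=45
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=332000
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_synack_retries=5
net.ipv4.tcp_keepalive_time=1500
net.ipv4.tcp_sack=0
net.ipv4.tcp_max_tw_buckets=1440000
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.tcp_fin_timeout=20
net.ipv4.tcp_keepalive_time=1800
net.ipv4.tcp_keepalive_intvl=40
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.inet_peer_gc_maxtime=240
net.ipv4.inet_peer_maxttl=500
net.ipv4.inet_peer_minttl=80'

# dedupe_last_wins (hypothetical helper): read key=value lines on stdin and
# print each key once, in order of first appearance, with its final value.
# This mirrors what running the "sysctl -w" lines one after another does.
dedupe_last_wins() {
    awk -F= 'NF == 2 { if (!($1 in val)) order[++n] = $1; val[$1] = $2 }
             END { for (i = 1; i <= n; i++) print order[i] "=" val[order[i]] }'
}

# emit_fragment [ROOT] (hypothetical helper): print a sysctl.conf fragment.
# A key is live only if its file exists under ROOT (default /proc/sys);
# missing keys are commented out instead of failing at boot or with -w.
emit_fragment() {
    root=${1:-/proc/sys}
    printf '%s\n' "$PAGE_SETTINGS" | dedupe_last_wins |
    while IFS='=' read -r key value; do
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ -e "$path" ]; then
            printf '%s = %s\n' "$key" "$value"
        else
            printf '# not present on this kernel: %s = %s\n' "$key" "$value"
        fi
    done
}

# Print the fragment for the running kernel; review it before appending
# it to /etc/sysctl.conf.
emit_fragment /proc/sys
```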

We will be adding more sysctl tweaks soon.