I think APF firewall has a built in antidos feature. Also, you might as well compile your kenel with SYN cookies which will help prevent SYN flooding.
In addition to these, you could also, drop continous connections from a source ip by using the --limit chain in iptables, if it exceeds x number of connections per second.
and sample chain would look like :
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
I hope it was helpful. Thanks.