If the DDoS is flattening your router/switch, it won't help to set those kinds of parameters.
Do you know what kind of DDoS it is? what kind of traffic? Are you analyzing the packets? If you can narrow down the attacking hosts to ranges of IPs you can report them to either your internet provider or theirs. It turns out that most ISPs do not like being the source for DoS attacks.
Do you have other hosts on the network that can get out okay? If so, limiting the traffic per IP in terms of # of connections or throughput can be useful, even moreso from a router or switch. If they cannot, you must get further up the data path as connections are still passing through routers and switches before they get to your freeBSD server.
It doesn't get happy. It doesn't get sad. It just. Runs. Programs.