Any system you put in place to limit or block ip address will still have to use CPU cycles and bandwidth to a) determine that a packet has arrived and b) figure out where it came from. If your server is on a 10Mbit line, and I'm sending you 1 million, 100-byte packets per second (that's 100MB/s), most of the bandwidth is going to be used carrying these packets, which doesn't give anything else much of a chance to get through.
So, a well Ddos attack will make you (a) run out of bandwidth preventing legitimate requests from getting to you, and (b) make you run out of processing power which stops legitimate requests from being processed properly.