Is there any firewall(preferred some free :) ) that can block all communication from all ip addresses except from some IP's coming from a particular location...
i basically want to block DDOS attack on my servers its being getting hit from some IP's outside my country
EDIT: i am using 1 window machine and 1 linux machine
EDIT 2: I have heard of some organization running in INDIA that helps us in doing this thing, so i think it is possible. They filter only the IP's coming from india region only and blocks the rest.
You did not mention your operating system. Linux has netfilter/iptables, Net/Open/FreeBSD has pf, Windows Server 2008 R2 has the Windows Firewall with Advanced Security which would easily be able to filter traffic based on source ip addresses. There is nothing that will be able to (reliably) filter based on a geographical location, though.
But depending on the type of the DoS attack (you happen to omit any details here as well), blocking traffic at O/S network stack level will not help you. If the DoS saturates your bandwidth, you would need to talk to your upstream ISP and ask them for filtering.
There are geoip modules for both iptables and Apache, which will allow you to blacklist entire countries. The subnet mappings aren't 100% accurate, but they're "pretty good."
With that said, if you're actually getting DoS'd (as in your link's getting saturated), firewalling won't be enough; your servers are still going to have to chew on those packets to figure out if they should be blocked. You'll need to get your upstream to nullroute either your servers or the attackers -- and if it's highly distributed, well, it's really just a matter of how responsive and cooperative your provider is.
This Serverfault question has some good general tips on DDoS mitigation - there are lots of things you can try but a significant DDoS requires help from your ISP, as mentioned.
It would help to know the web server you are using on Windows and Linux - presumably IIS and Apache.
A few options in decreasing order of usefulness:
See this question on GeoIP blocking as well and the ddos and geoip tags (also added to your question.)
A DDoS mitigation service (aka "clean pipes" service) may be the best option for serious DDoS: they front-end your traffic and filter out the DDoS, leaving you only with valid site traffic, subject to how well they filter. They have huge pipes and are focused on this problem so will probably do a better job than an in-house solution, and a lot depends on having a big enough pipe to absorb a DDoS so their hardware/software can filter it. BlockDOS.net is a reasonably priced service, Prolexic and Verisign are more top-end and much more expensive.
If that's too expensive, it might help to re-host onto Amazon EC2, which can route all traffic via a specific EC2 instance (like a VPS) - there's a specific AMI (VPS image) that is intended to frontend your web servers, which would be on separate EC2 instances. Amazon EC2 also make it possible to spin-up new server instances to handle the increased load. You might still get charged for the DDoS traffic (possibly more than for a mitigation service), and would pay for the extra servers, so this needs some investigation. Other cloud VPS providers may have better DDOS policies or in-house DDoS mitigation services.
You might want to look into some DDos scrubbing services. Basically, these services will take all the traffic you are getting, scrub out the "bad guys" and send you the clean data. Be warned, depending on the size of the attack, these can get quite expensive. A firewall on your server won't help much, because it's already gotten to you. You need to drop the traffic further away from you, and that can get complex.
Some vendors:
A large scale sustained DDOS attack usually involves attacking your name servers. Which prevents the general public from accessing your site via domain name. Since a DDOS attack can take down Yahoo for more than 24 hours. You are not going to be able to mitigate a DDOS attack simply by blocking a list of IP's in your software/hardware firewall.