it's hard for me to understand the amount of requests made to your HFS.
if it's a very high load, HFS is not designed to manage it.
you can try to measure the bandwidth used, and talk to the guy who is doing it.
I'm interested to know the amount, to know better what HFS can handle, and cannot.
anyway, if it's not a distributed dos, but comes just from a single IP, the firewall solution is not bad.