loic caches then spams thousands of UDP packets to a target. That's at least the most effective use in it.
Honestly though, forging packets yourself with scapy is a MUCH more effective way to ddos.
As to the firewall and blag blah, A. get an NIDS, B. learn to nullroute, C. most ddos attacks happen from a small section of servers, often zombied, so many times people have to simply null route the ip they're being directed to until it subsides. However, cisco TMS/Guard systems, among many other systems of the type, are fairly good about dealing with smaller ddos attacks. Hope this helps.