Clustered Network has released a Unix / Linux shell script that will automatically create UFW firewall rules allowing traffic to your webserver ONLY from Cloudflare. This forces all fo the http/https traffic through Clodflare's Network. The script can be found on github at https://github.com/clusterednetworks/ufw-block-http-except-clouldflare.
Using a traditional Cloudflare setup allows you to route traffic to your website or webserver though their network. The problem is that your site or server ip may very well be still exposed to the internet. This script will allow you to close all http/https traffic to your server and "force" all the traffic though cloudflare.
By using our script, it will greatly reduce the risk of DDoS and malicious code that can be ran against your server or website.