Cloudflared and Pi-Hole forwarding not blocking content

I am running Cloudflared and Pi-Hole on Debian Bullseye, and the results indicated that I am sucessfully connected to Zero Trust with DOH forwarding (not by tunnel). Everything works fine, can access web, etc. Blocking works on clients only were warp is installed and authenticated (mobile), but the filtering categories in place do not seem block any content on agentless clients behind the Pi-Hole.