Forwarding ports in FW with a cloudflare proxy

I wanted to ask if anyone knows how I can, when I forward ports on my firewall, open to specific Cloudflare addresses and then actually make the proxy the only gateway to the port.
Today my problem is that a proxy is also activated but it is not hermetic because whoever tries to log in with the IP will have the option
And if there is such a situation, which cloudflare IP addresses should I allow?
I will be happy to hear
thank you

Duplicate of