How to block all connections other than Cloudflare on port 80 through tunnel?

Both of the options make it so that both the cloudflare tunnel doesn’t work and the direct IP connection doesn’t work. Cloudflare throws a 502 Bad Gateway.