Once an image is in Cloudflare’s hands, CF won’t go back to your site to request for it again, so the htaccess rules would only apply when the CF cache expires.
Of course if Cloudflare is serving the image from its cache, hotlink protection is not as important, as it won’t consume your server CPU, bandwidth etc.
If you still want to enable hotlink protection, you can enable it on the Dashboard > Scrape Shield app. Alternatively, you can create a Firewall Rule to block such requests.