See here for script – https://bitbucket.org/sysadminman/vultr-firewall-cloudflare
If you have a web server running behind cloudflare then you really want to only allow the cloudflare IPs to connect to that server.
If your web server is running on a vultr then you can create a firewall group using their API to allow this.
You won’t want to enter the cloudflare IPs manually, but they provide a downloadable list of their IPs.
I wrote this python script that creates a new firewall group and whitelists the cloudflare IPs, plus SSH (port 22). If you run the script again it will update the firewall group with the current IPs.
You will need a vultr API access token to connect to the API