Hijacking: With the above solution, it’s also super easy to install modpacks and I would recommend Modrinth as both the modded Minecraft launcher and mod-shareplace.
https://docker-minecraft-server.readthedocs.io/en/latest/mods-and-plugins/
Went the same route last year and had no issues.
FYI, IP access rules don’t count towards the 5 custom rules limit, but the more generous 50k limit.
With fail2ban, you can setup IP access rules via the cftoken-action quite easily.
Security --> WAF --> Tools to access the IP rules in the dashboard. https://developers.cloudflare.com/waf/tools/ip-access-rules/