This topic has already been posted on at least once that I could find ( https://forum.opnsense.org/index.php?topic=33983.0 ). But the post was never replied to, so I figured I should probably post on the topic as well. I host a Nextcloud instance on my server, and before moving to Cloudflare, I was able to reach it without any trouble, so long as I turned on reflection for port forwards, reflection for 1:1, and automatic outbound NAT for reflection. However, since switching to Cloudflare, I can no longer reach my Nextcloud instance, and I can see many lines of default deny / state violation rule showing up in the logs. I am not sure how to resolve this; if someone could explain, that would be great. Thank you for reading.
The issue was needing to use an alias for all Cloudflare IPs, then add an HTTPS allow rule.
https://www.cloudflare.com/ips-v4
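An added example, not part of the original posts: a check that the denied sources really fall inside the Cloudflare ranges before the HTTPS allow rule is scoped to that alias, so the rule is not widened to any source. The range excerpt and the log records are constructed samples (the record layout is a simplified assumption, not the OPNsense filter log format), and the function names are hypothetical.

```python
import ipaddress

# Excerpt in the format served at https://www.cloudflare.com/ips-v4
# (one CIDR per line). Constructed sample; load the live list for a real alias.
SAMPLE_RANGES = """\
173.245.48.0/20
104.16.0.0/13
172.64.0.0/13
162.158.0.0/15
"""

# Constructed records: action,source IP,destination port.
# Simplified layout for illustration, NOT the OPNsense filter log format.
SAMPLE_DENIES = """\
block,172.68.10.5,443
block,162.158.90.12,443
block,203.0.113.77,443
block,104.18.2.9,80
block,not-an-ip,443
"""

def parse_ranges(text):
    """Parse one CIDR per line; reject entries with host bits set."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ipaddress.ip_network(ln, strict=True)
            for ln in lines if ln and not ln.startswith("#")]

def classify(log_text, nets, port=443):
    """Split blocked sources on `port` into alias members and everything else."""
    result = {"cloudflare": [], "other": [], "skipped": []}
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        try:
            if len(parts) != 3 or parts[0] != "block":
                raise ValueError("unexpected record")
            src = ipaddress.ip_address(parts[1])
            if int(parts[2]) != port:
                raise ValueError("different port")
        except ValueError:
            result["skipped"].append(line)  # malformed or not HTTPS
            continue
        inside = any(src in net for net in nets)
        result["cloudflare" if inside else "other"].append(str(src))
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_DENIES, parse_ranges(SAMPLE_RANGES)))
```

Sources that land in `other` are not Cloudflare edge addresses and would stay blocked by a rule whose source is the Cloudflare alias.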