CloudFlare public IPs list(s)
-
To all, who using Cloudflare: Cloudflare’s public IPs list
“old post but important” post about to hiding Your real uplinks IPs: close ALL ports, open only for incoming from CloudFlare IPs.
A little bit extra security may be added by using Authenticated Origin Pulls (CloudFlare functionality).
In this case even automated scanning on your ISP AS's do not show that exist something behind Your IPs... ;)
P.S. This suggestion able to making Your servers unreachable in case when CloudFlare exclude (because abuse or You using a huge ton of traffic on their free plan) You from proxing (but leave on DNS).