UFW rules on VPS
Question

by
CharlieS1
Created on 2022-08-22 15:41:43 (edited on 2024-09-04 14:23:19) in Virtual Private Servers

Hey,

I use Cloudflare for performance and security. In the interest of security I use a script to dynamically update the rules of the distribution's firewall, so that it is boxed in behind Cloudflare's network, so that no other IPs are able to access the server. This ensures all requests to the server are sent via Cloudflare's network and my IP is not able to be listed in search engines such as Censys / Shodan and reverse DNS lookups using dig etc.

I have been doing this for a while now and have never had a problem on other providers (AWS/GCP/DigitalOcean etc.).

When I enable the UFW rules for SSH and the Cloudflare IP ranges, my server/VPS is unreachable. I can still SSH in, but all requests to the server are blocked by UFW. When running a whois lookup on the IP addresses that are listed as blocked by UFW / iptables in syslog, I can see results from Hetzner (a different VPS provider) and some from China. None of these are Cloudflare addresses or ranges. I am also unable to properly configure the firewall implemented by OVH and I think this may be the problem. It also may be the case that I can't access it because I don't have the ability to properly assign a hostname to the VPS / reverse DNS.

I have disabled update_etc_hosts and set preserve_hostname to true and manage_etc_hosts to false in /etc/cloud/cloud.cfg. I have set the hostname in /etc/hostname and in /etc/hosts and removed the directive in /etc/hosts for the OVH-given server domain. It persists on boot, but I am still unable to properly configure these rulesets.

I am unable to change the reverse DNS in the OVH control panel as it complains that the hostname does not resolve to my domain name. I have checked that, as long as I disable UFW and leave my server accessible to the entire web, it resolves fine, though I do have issues SSHing into the server using a domain name and have had to set a local hosts entry to ensure ease of connection.

What exactly is causing this, and how can I resolve the problem?

Thanks!
Charlie
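The post describes a UFW allow-list built from Cloudflare's published ranges plus SSH, and then cites `[UFW BLOCK]` syslog lines whose sources are not Cloudflare. The script below is an added example written for this page, not CharlieS1's script and not an OVH or Cloudflare tool. It does two things: it emits the `ufw` commands for such a ruleset for review instead of applying them, and it classifies UFW BLOCK log lines as coming from inside the allow-list (which would point at a rule-ordering or default-policy problem) or from outside it (the firewall doing its job). Assumptions: the web ports are 80 and 443, the SSH port is 22, the live list is fetched from https://www.cloudflare.com/ips-v4 (a real URL; an IPv6 list exists at https://www.cloudflare.com/ips-v6 and would need its own rules), and the IP ranges and log lines embedded here are constructed samples from documentation address space, not Cloudflare's real ranges.

```shell
#!/bin/sh
# Added example: generate a Cloudflare+SSH UFW allow-list and triage UFW BLOCK log lines.
# POSIX sh; no bash-only constructs.

# Constructed sample standing in for https://www.cloudflare.com/ips-v4 (documentation
# prefixes, NOT Cloudflare's real ranges). The real list changes, so fetch it at run time.
CF_RANGES_SAMPLE="203.0.113.0/24
198.51.100.0/25"

SSH_PORT=22          # assumption
WEB_PORTS="80,443"   # assumption: only the reverse-proxied web ports are exposed

# Fetch the live list; fall back to the constructed sample when offline or curl is absent.
fetch_cf_ranges() {
  curl -fsS --max-time 5 https://www.cloudflare.com/ips-v4 2>/dev/null \
    || printf '%s\n' "$CF_RANGES_SAMPLE"
}

# Print the ufw commands, one per line, so the ruleset can be reviewed before it is applied.
# "default deny incoming" is what boxes the host in; everything else is an explicit exception.
build_ufw_commands() {
  ranges=$1
  printf 'ufw default deny incoming\n'
  printf 'ufw default allow outgoing\n'
  printf 'ufw allow %s/tcp comment "ssh"\n' "$SSH_PORT"
  for cidr in $ranges; do
    printf 'ufw allow proto tcp from %s to any port %s comment "cloudflare"\n' "$cidr" "$WEB_PORTS"
  done
}

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
  IFS=. ; set -- $1 ; unset IFS
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR : exit 0 when IP lies inside CIDR, 1 otherwise.
in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# classify_block_line LINE RANGES : prints "allowed-range SRC", "outside-allowlist SRC",
# or "not-a-block-line". A block from an allowed range means the rules are not doing what
# was intended; a block from outside the list is the expected default-deny behaviour.
classify_block_line() {
  src=$(printf '%s\n' "$1" | sed -n 's/.*\[UFW BLOCK\].*SRC=\([0-9.]*\).*/\1/p')
  [ -n "$src" ] || { echo "not-a-block-line"; return 0; }
  for cidr in $2; do
    if in_cidr "$src" "$cidr"; then echo "allowed-range $src"; return 0; fi
  done
  echo "outside-allowlist $src"
}

# Constructed syslog lines in UFW's log format (hostnames and MACs elided).
SAMPLE_LOG="Aug 22 15:41:43 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.77 DST=10.0.0.5 PROTO=TCP SPT=51234 DPT=443
Aug 22 15:41:44 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=443 DPT=443
Aug 22 15:41:45 vps sshd[1234]: Accepted publickey for charlie from 192.0.2.10 port 50000 ssh2"

main() {
  ranges=$(fetch_cf_ranges)
  echo "# proposed ruleset"
  build_ufw_commands "$ranges"
  echo "# triage of sample log lines"
  printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
    classify_block_line "$line" "$ranges"
  done
}

main
```

Run it as a normal user to see the proposed commands; nothing is applied. Piping the real `/var/log/syslog` (or `journalctl -k`) through `classify_block_line` with the freshly fetched list is the quick check for the symptom in the post: if every blocked source comes back `outside-allowlist`, the firewall is behaving as configured and the unreachability has to be explained somewhere else (for instance a second firewall in front of the VPS), whereas `allowed-range` results mean the Cloudflare rules themselves are not matching.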