for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -s $i --dport http -j ACCEPT; done  
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -s $i --dport https -j ACCEPT; done  

drop other not from Cloudflare:

iptables -A INPUT -p tcp --dport http -j DROP  
iptables -A INPUT -p tcp --dport https -j DROP  

save:

iptables-save | sudo tee /etc/sysconfig/iptables  

restart:

/etc/init.d/iptables restart