PayPal servers should have unrestricted access to your OTS acc. maker to report payments.
Open your domain settings in CloudFlare panel and navigate to Security -> Security Rules
In Custom Rules section press Create rule.
Then setup things as on screenshot below. Expression for PayPal IPs from moment I publish this post (you can get current Paypal IP here: https://www.paypal.com/us/cshelp/article/what-are-the-internet-protocol-ip-addresses-for-paypal-server-endpoints-ts1056 ):
(ip.src in {64.4.240.0/21 64.4.248.0/22 66.211.168.0/22 91.243.72.0/23 173.0.80.0/20 185.177.52.0/22 192.160.215.0/24 198.54.216.0/23})