Yeah, any solution is going to require at least egress rules for its traffic. Tailscale is a bit different since part of what it’s able to do is provide access to your LAN, if desired. Cloudflare just needs two ports, but it’s only providing a tunnel from the host.
It would be LARGE PRINT and it would work by me being able to read it without a magnifying glass.