Yes, the firewall stays active after rebooting.
I've also checked if the firewall was perhaps circumvented by looking at the NAT log of my router. No entry, so it seems to work.
Another idea might be: If you, say, currently need Cloudflare for surfing the net, then you could enable just these IP ranges by making a separate text file and running this command:
while read line; do sudo ufw allow out from any to $line; done < ip-ranges-cloudflare.txt
I only changed in the first script "deny" to "allow".
These would be the IP ranges:
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32