I'm not too much into networks, although I've been the sysadmin of my VPS for years.
Why would I need a NAT Gateway? Isn't it enough to have a good set of rules in ufw or similar software?
It's mostly for the AWS context, when you want to host, for example, your servers in a private subnet, but you want to allow access to a small part: you can leverage a NAT Gateway to be the public entrypoint + some security groups as gatekeepers to filter the traffic.
However, the fees from AWS are atrocious on the NAT Gateway.