But the NAT is the part making more things reachable, not less.

You need state to block only inbound originated sessions (i.e. the one way door to a private subnet).