Perhaps a naive question, but given the seemingly nicely tight iptables rules in whonix, what deficiencies would result from enabling ip forwarding on gateway?
(Assume vpn on gw and selectively enabling particular traffic, such as udp/socks5, app by app, on the ws.)