I always wanted to play with ufw. You gave me the reason, so I tried it, although I suspected the result even before that. I had to find out what gave you the output you quoted in your post. I found that "ufw status verbose" shows ALLOW IN, and plain "ufw status" shows only ALLOW.
This rule
5432 ALLOW IN 172.17.0.0/16
can be created this way:
ufw allow from 172.17.0.0/16 to any port 5432
It means you allow access FROM 172.17.0.0/16 to port 5432 on ANY IP address. When you changed the rules
5432 ALLOW IN 172.20.0.0/16
which can be created this way:
ufw allow from 172.20.0.0/16 to any port 5432
it means you allow access FROM 172.20.0.0/16 to port 5432 on any IP address. This is why you could allow each gateway: you specified only the source and allowed every target. If you want to allow connections from any network to a specific IP address, you can do this:
ufw allow from any to 172.17.0.1 port 5432
Then the status is:
172.17.0.1 5432 ALLOW IN Anywhere
And finally, allowing access from a specific network to a specific IP address:
ufw allow from 172.20.0.0/16 to 172.17.0.1 port 5432
172.17.0.1 5432 ALLOW IN 172.20.0.0/16
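To make the source/destination semantics above concrete, here is an added example (not part of the original answer, and not ufw's own code) that parses the three kinds of "ufw status" lines quoted in this thread and answers whether a given connection would match. The sample status text is constructed; it assumes ufw's usual first-match evaluation and a default-deny incoming policy.

```python
import ipaddress
import re

# Constructed sample of `ufw status` output, shaped like the lines quoted above.
SAMPLE_STATUS = """\
To                         Action      From
--                         ------      ----
5432                       ALLOW IN    172.17.0.0/16
172.17.0.1 5432            ALLOW IN    Anywhere
172.17.0.1 5432            ALLOW IN    172.20.0.0/16
"""

# "To" column, then the action (with optional direction), then the "From" column.
RULE_RE = re.compile(
    r"^(?P<to>.+?)\s+(?P<action>ALLOW|DENY|REJECT)(?: (?P<dir>IN|OUT))?\s+(?P<from>\S+)"
)


def parse_rules(text):
    """Turn status lines into rule dicts; None means 'any' for src or dst."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # header and separator lines do not match
        to = m.group("to").split()
        # "172.17.0.1 5432" -> specific address; "5432" alone -> any address
        dst = ipaddress.ip_network(to[0]) if len(to) == 2 else None
        port = int(to[-1].split("/")[0])  # tolerate "5432/tcp"
        src_text = m.group("from")
        src = None if src_text == "Anywhere" else ipaddress.ip_network(src_text)
        rules.append({"action": m.group("action"), "src": src, "dst": dst, "port": port})
    return rules


def first_match(rules, src_ip, dst_ip, port):
    """First rule matching (src, dst, port), mirroring ufw's first-match order."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["port"] != port:
            continue
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        return r
    return None


def is_allowed(rules, src_ip, dst_ip, port):
    """Assumes default-deny for incoming traffic when no rule matches."""
    r = first_match(rules, src_ip, dst_ip, port)
    return r is not None and r["action"] == "ALLOW"
```

Run is_allowed() with different source and destination addresses to see that the source-only rule admits traffic to every local address, while the destination-qualified rules only admit traffic to 172.17.0.1.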