Hi,
By default ports like 502 is closed in router. So there is no need to add rules in firewall to close it.
If you want that only VPN interface can reach your RS485, configure "Allow IP" in Services -> RS232/RS485 -> RS485. These rules will not be visible in firewall WebUI window, but additional rules in iptables is added to control this traffic.