Modbus does not have a read-only mode, if you make the Modbus port of the server accessible on the internet, anyone who connects can also change data.
That is very insecure, we just have to see a log of any firewall of a public IP to verify that every day hundreds of attempts to connect to different ports are received.
Use a VPN or a protocol with security capabilities like OPC UA.