If you want to feel more secure, but this is kind of complicated, use fail2ban … For example see: Use of fail2ban
But if there is no service at the scanned ports, fail2ban is useless overhead. Only needed for https/ssh/or other exposed services.
Easier is not to expose services to the internet and ignore the useless scans (as said before).