I'm working on a firewall for a virtual dedicated server and one of the things I'm looking into is port scanners. TCP flags are used for protection. I have 2 questions.
The rule:

-p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP

First argument says check packets with flag SYN Second argument says make sure the flags ACK,FIN,RST SYN are set
And when that's the case (there's a match), drop the tcp packet

First question:
I understand the meaning of RST and RST/ACK but in the second argument RST SYN is being used.
What's the difference between RST SYN and RST and SYN RST ?
Is there a "SYN RST" flag in a 3 way handshake ?

Second question is about the difference between

-p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP    

and

-p tcp --tcp-flags ALL SYN,ACK,FIN,RST SYN -j DROP    

When should ALL be used ?
When I use ALL, does that mean if the tcp packet with the syn flag doesn't have the ACK "and" the FIN "and" the RST SYN flags set, there will be no match ?