diff --git a/chef/cookbooks/metasploitable/recipes/ingreslock.rb b/chef/cookbooks/metasploitable/recipes/ingreslock.rb
new file mode 100644
index 0000000..ff14614
--- /dev/null
+++ b/chef/cookbooks/metasploitable/recipes/ingreslock.rb
@@ -0,0 +1,27 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: ingreslock
+#
+# Copyright:: 2020, Rapid7, All Rights Reserved.
+
+include_recipe 'iptables::default'
+
+iptables_rule '01_ingreslock' do
+  lines "-A INPUT -p tcp --dport 1524 -j ACCEPT"
+end
+
+package 'inetutils-inetd' do
+  action :install
+end
+
+# needs to happen before starting the service --
+# otherwise, if no services listed in inetd.conf,
+# inetd will refuse to start.
+execute 'add ingreslock to /etc/inetd.conf' do
+  command "echo 'ingreslock stream tcp nowait root /bin/bash bash -i' >> /etc/inetd.conf"
+  not_if "grep -q 'ingreslock stream tcp nowait root /bin/bash bash -i' /etc/inetd.conf"
+end
+
+service 'inetutils-inetd' do
+  action [:enable, :start]
+end
diff --git a/chef/dev/ub1404/Vagrantfile b/chef/dev/ub1404/Vagrantfile
index ed1859d..0caa9c1 100644
--- a/chef/dev/ub1404/Vagrantfile
+++ b/chef/dev/ub1404/Vagrantfile
@@ -41,6 +41,7 @@ Vagrant.configure("2") do |config|
     chef.add_recipe "metasploitable::cups"
     chef.add_recipe "metasploitable::drupal"
     chef.add_recipe "metasploitable::knockd"
+    chef.add_recipe "metasploitable::ingreslock"
     chef.add_recipe "metasploitable::iptables"
     chef.add_recipe "metasploitable::flags"
     chef.add_recipe "metasploitable::clear_cache"
diff --git a/packer/templates/ubuntu_1404.json b/packer/templates/ubuntu_1404.json
index b6c995b..9c3cb25 100644
--- a/packer/templates/ubuntu_1404.json
+++ b/packer/templates/ubuntu_1404.json
@@ -175,6 +175,7 @@
         "metasploitable::cups",
         "metasploitable::drupal",
         "metasploitable::knockd",
+        "metasploitable::ingreslock",
         "metasploitable::iptables",
         "metasploitable::flags",
         "metasploitable::ifnames"
diff --git a/versions/pro/Vagrantfile b/versions/pro/Vagrantfile
index b53ea99..8e5cdf4 100644
--- a/versions/pro/Vagrantfile
+++ b/versions/pro/Vagrantfile
@@ -69,6 +69,7 @@ Vagrant.configure("2") do |config|
       chef.add_recipe "metasploitable::cups"
       chef.add_recipe "metasploitable::drupal"
       chef.add_recipe "metasploitable::knockd"
+      chef.add_recipe "metasploitable::ingreslock"
       chef.add_recipe "metasploitable::iptables"
       chef.add_recipe "metasploitable::flags"
       chef.add_recipe "metasploitable::clear_cache"