diff --git a/firewalld/backend.sls b/firewalld/backend.sls
index 7190c89..9b9e37f 100644
--- a/firewalld/backend.sls
+++ b/firewalld/backend.sls
@@ -4,8 +4,34 @@
 #
 {% from "firewalld/map.jinja" import firewalld with context %}
-{%- if salt['pillar.get']('firewalld:installbackend') %}
+{% set backend_manage = firewalld.backend.manage %}
+{% set backend_pkg = firewalld.backend.pkg %}
+
+# Backward compatibility setting and deprecation notices
+### Manage setting (old firewalld:installbackend)
+{% if firewalld.installbackend is defined %}
+firewalld-installbackend-deprecated:
+ test.show_notification:
+ - text: |
+ 'firewalld:installbackend' is deprecated. Set 'firewalld:backend:manage' instead.
+ See firewalld/pillar.example for more information
+
+ {% set backend_manage = firewalld.installbackend %}
+{% endif %}
+
+### Package setting (old firewalld:backendpackage)
+{% if firewalld.backendpackage is defined %}
+firewalld-backendpackage-deprecated:
+ test.show_notification:
+ - text: |
+ 'firewalld:backendpackage' is deprecated. Use 'firewalld:backend:pkg' instead
+ See firewalld/pillar.example for more information
+
+ {% set backend_pkg = firewalld.backendpackage %}
+{% endif %}
+
+{%- if backend_manage %}
 package_backend:
 pkg.installed:
- - name: {{ firewalld.backendpackage }}
+ - name: {{ backend_pkg }}
 {%- endif %}
diff --git a/firewalld/defaults.yaml b/firewalld/defaults.yaml
index 73b7e7f..1334058 100644
--- a/firewalld/defaults.yaml
+++ b/firewalld/defaults.yaml
@@ -7,11 +7,11 @@ firewalld:
 config: /etc/firewalld.conf
 ipset:
- manage: true
+ manage: false
 pkg: ipset
 backend:
- manage: true
+ manage: false
 pkg: nftables
 ipsets: {}
diff --git a/pillar.example b/pillar.example
index 2abd4db..779e933 100644
--- a/pillar.example
+++ b/pillar.example
@@ -5,7 +5,8 @@ firewalld:
 manage: True
 pkg: ipset
- installbackend: False
+ installbackend: True
+ backendpackage: nftables
 default_zone: public
 services:
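Review bot: In firewalld/backend.sls the deprecated keys silently win over the new ones. Whenever `firewalld:installbackend` or `firewalld:backendpackage` is defined, the two inner `{% set %}` lines replace `firewalld.backend.manage` and `firewalld.backend.pkg`, so a pillar that sets `backend:manage: True` but still carries `installbackend: False` installs nothing and only shows a notification. State that precedence above the block, e.g. `# Deprecated keys, when present, override firewalld:backend:manage and firewalld:backend:pkg`. Both notification texts also point to `firewalld/pillar.example`, while the example file touched by this commit is `pillar.example` at the repository root, and that file now sets the deprecated keys rather than the ones the message recommends.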
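Review bot: In firewalld/defaults.yaml, flipping `ipset.manage` to `false` changes behaviour for every pillar that relied on the default, and nothing in the hunk says so. The `backend.manage` flip matches the old `pillar.get` gate in backend.sls, which was falsy when the key was unset. The state that consumes `ipset.manage` is not part of this diff, so whether ipset was installed by default before cannot be confirmed here. If it was, minions whose firewalld configuration uses ipsets would stop having the package ensured; a comment such as `# false by default: set firewalld:ipset:manage to true to have the package installed` would make the opt-in explicit.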
diff --git a/test/integration/default/backend_spec.rb b/test/integration/default/backend_spec.rb
new file mode 100644
index 0000000..f27673a
--- /dev/null
+++ b/test/integration/default/backend_spec.rb
@@ -0,0 +1,3 @@
+describe package('nftables') do
+ it { should be_installed }
+end
diff --git a/test/integration/default/firewalld_spec.rb b/test/integration/default/firewalld_spec.rb
index 07d3a60..ef81e55 100644
--- a/test/integration/default/firewalld_spec.rb
+++ b/test/integration/default/firewalld_spec.rb
@@ -1,3 +1,18 @@
+describe package('firewalld') do
+ it { should be_installed }
+end
+
 describe service('firewalld') do
+ it { should be_enabled }
 it { should be_running }
 end
+
+describe service('iptables') do
+ it { should_not be_enabled }
+ it { should_not be_running }
+end
+
+describe service('ip6tables') do
+ it { should_not be_enabled }
+ it { should_not be_running }
+end
diff --git a/test/integration/default/ipset_spec.rb b/test/integration/default/ipset_spec.rb
new file mode 100644
index 0000000..3a45f32
--- /dev/null
+++ b/test/integration/default/ipset_spec.rb
@@ -0,0 +1,3 @@
+describe package('ipset') do
+ it { should be_installed }
+end
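Review bot: The check in test/integration/default/backend_spec.rb hard-codes `nftables` and appears to exercise only the deprecated path. If the suite converges with pillar.example as changed in this commit (the test configuration is not shown), the package arrives through `installbackend`/`backendpackage`, not through `firewalld:backend:manage` and `firewalld:backend:pkg`. Nothing visible covers a pillar that uses the new keys, which is the path users are told to migrate to. A second suite, or a test pillar that uses the new keys, would cover it; at minimum a comment such as `# package name must match firewalld:backend:pkg in the test pillar` ties the literal to its source.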
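Review bot: In test/integration/default/firewalld_spec.rb the `should_not be_enabled` / `should_not be_running` checks for `iptables` and `ip6tables` also pass on an image where those units were never installed, so a green run does not show that anything was switched off. If the intent is to guard against the legacy services running alongside firewalld, say so above the two blocks, e.g. `# legacy iptables services must not run next to firewalld; also passes when the units are absent`.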