diff --git a/crates/shadowsocks-service/src/acl/mod.rs b/crates/shadowsocks-service/src/acl/mod.rs
index adc9e5fcb460..c06a5aee9fd1 100644
--- a/crates/shadowsocks-service/src/acl/mod.rs
+++ b/crates/shadowsocks-service/src/acl/mod.rs
@@ -9,7 +9,7 @@ use std::{
     fs::File,
     io::{self, BufRead, BufReader, Error, ErrorKind},
     net::{IpAddr, SocketAddr},
-    path::Path,
+    path::{Path, PathBuf},
     str,
 };
 
@@ -321,6 +321,7 @@ pub struct AccessControl {
     black_list: Rules,
     white_list: Rules,
     mode: Mode,
+    file_path: PathBuf,
 }
 
 impl AccessControl {
@@ -328,7 +329,10 @@ impl AccessControl {
     pub fn load_from_file<P: AsRef<Path>>(p: P) -> io::Result<AccessControl> {
         trace!("ACL loading from {:?}", p.as_ref());
 
-        let fp = File::open(p)?;
+        let file_path_ref = p.as_ref();
+        let file_path = file_path_ref.to_path_buf();
+
+        let fp = File::open(file_path_ref)?;
         let r = BufReader::new(fp);
 
         let mut mode = Mode::BlackList;
@@ -421,9 +425,15 @@ impl AccessControl {
             black_list: bypass.into_rules()?,
             white_list: proxy.into_rules()?,
             mode,
+            file_path,
         })
     }
 
+    /// Get ACL file path
+    pub fn file_path(&self) -> &Path {
+        &self.file_path
+    }
+
     /// Check if domain name is in proxy_list.
     /// If so, it should be resolved from remote (for Android's DNS relay)
     ///
diff --git a/crates/shadowsocks-service/src/manager/server.rs b/crates/shadowsocks-service/src/manager/server.rs
index 3455cc76700a..5e8348e7648f 100644
--- a/crates/shadowsocks-service/src/manager/server.rs
+++ b/crates/shadowsocks-service/src/manager/server.rs
@@ -366,16 +366,21 @@ impl Manager {
         let manager_addr = self.svr_cfg.addr.to_string();
 
         // Start server process
-        let child_result = Command::new(&self.svr_cfg.server_program)
+        let mut child_command = Command::new(&self.svr_cfg.server_program);
+        child_command
             .arg("-c")
             .arg(&config_file_path)
             .arg("--daemonize")
             .arg("--daemonize-pid")
             .arg(&pid_path)
             .arg("--manager-addr")
-            .arg(&manager_addr)
-            .kill_on_drop(false)
-            .spawn();
+            .arg(&manager_addr);
+
+        if let Some(ref acl) = self.acl {
+            child_command.arg("--acl").arg(acl.file_path().to_str().expect("acl"));
+        }
+
+        let child_result = child_command.kill_on_drop(false).spawn();
 
         if let Err(err) = child_result {
             error!(