diff --git a/CMakeLists.txt b/CMakeLists.txt
index 38d220c..79abee5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,7 +1,8 @@
 cmake_minimum_required(VERSION 3.10)
 set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
-set(CMAKE_BUILD_TYPE DEBUG)
+# set(CMAKE_BUILD_TYPE DEBUG)
+set(CMAKE_BUILD_TYPE RELEASE)
 add_compile_options(-Wno-return-type)
 project(cgproxy VERSION 3.7)
diff --git a/cgproxy.conf b/cgproxy.conf
index 15ecdc2..5557854 100644
--- a/cgproxy.conf
+++ b/cgproxy.conf
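Review bot: In CMakeLists.txt the new `set(CMAKE_BUILD_TYPE RELEASE)` is an unconditional normal-variable set, so it shadows any `-DCMAKE_BUILD_TYPE=...` given at configure time and a debug or instrumented build can no longer be selected without editing the file. Default it only when the user has not chosen one: `if(NOT CMAKE_BUILD_TYPE)`, `set(CMAKE_BUILD_TYPE Release CACHE STRING "Build type")`, `endif()`. The commented-out `# set(CMAKE_BUILD_TYPE DEBUG)` line should be deleted rather than kept as dead code.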
@@ -1,26 +1,47 @@ ## cgroup transparent proxy ## see how to configure, https://github.com/springzfx/cgproxy +################################################################################### ## any process in cgroup_proxy will be proxied, and cgroup_noproxy the opposite ## note, cgroup must start with slash '/' -# cgroup_proxy="/" # for global tproxy -# cgroup_noproxy="/system.slice/v2ray.service" # for v2ray service +## the value can be string or bash array +## for array, only the first element will be created if not exist +## and the rest elements will not, so won't be applied + +### global proxy with v2ray service +#cgroup_proxy="/" +#cgroup_noproxy=("/noproxy.slice" "/system.slice/v2ray.service") + +### global proxy with manual `cgnoporxy qv2ray` +#cgroup_proxy="/" +#cgroup_noproxy="/noproxy.slice" + +### default cgroup_proxy="/proxy.slice" cgroup_noproxy="/noproxy.slice" + +################################################################################### ## allow as gateway for local network enable_gateway=false + +################################################################################### ## listening port of another proxy process, for example v2ray port=12345 -## if you set to false, it's traffic won't go through proxy, but still can go direct to internet + +################################################################################### +## if you set to false, it's traffic won't go through proxy, +## but still can go direct to internet enable_dns=true enable_tcp=true enable_udp=true enable_ipv4=true enable_ipv6=true + +################################################################################### ## do not modify this if you don't known what you are doing table=100 fwmark=0x01 diff --git a/cgroup-tproxy.sh b/cgroup-tproxy.sh index 324e136..eaf885e 100644 --- a/cgroup-tproxy.sh +++ b/cgroup-tproxy.sh 
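Review bot: The comments added to cgproxy.conf introduce bash-array values without saying that the file is executed as shell; cgroup-tproxy.sh in this same commit loads it with `source $config`, so anything written here runs with the privileges of whoever applies the iptables rules (presumably root). I would add a header line such as `## this file is sourced by bash: keep it owned by root and not writable by other users`. The array caveat ("only the first element will be created if not exist ... so won't be applied") should state plainly what happens to the later entries; as I read it they must already exist as cgroups, but that needs confirming against the code that creates them. `cgnoporxy` in the "manual" example is a typo for `cgnoproxy`.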
@@ -69,7 +69,6 @@ for i in "$@" do case $i in stop) - iptables -t mangle -L TPROXY_PRE &> /dev/null || exit 0 echo "stopping tproxy iptables" iptables -t mangle -D PREROUTING -j TPROXY_PRE iptables -t mangle -D OUTPUT -j TPROXY_OUT @@ -99,7 +98,6 @@ case $i in --config=*) config=${i#*=} source $config - shift ;; --help) print_help @@ -136,8 +134,12 @@ iptables -t mangle -A TPROXY_OUT -p icmp -j RETURN iptables -t mangle -A TPROXY_OUT -m connmark --mark $make_newin -j RETURN iptables -t mangle -A TPROXY_OUT -m addrtype --dst-type LOCAL -j RETURN iptables -t mangle -A TPROXY_OUT -m addrtype ! --dst-type UNICAST -j RETURN -iptables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_noproxy -j RETURN -iptables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_proxy -j MARK --set-mark $fwmark +for cg in ${cgroup_noproxy[@]}; do +iptables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j RETURN +done +for cg in ${cgroup_proxy[@]}; do +iptables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j MARK --set-mark $fwmark +done iptables -t mangle -A OUTPUT -j TPROXY_OUT #ipv6# @@ -163,8 +165,12 @@ ip6tables -t mangle -A TPROXY_OUT -p icmpv6 -j RETURN ip6tables -t mangle -A TPROXY_OUT -m connmark --mark $make_newin -j RETURN ip6tables -t mangle -A TPROXY_OUT -m addrtype --dst-type LOCAL -j RETURN ip6tables -t mangle -A TPROXY_OUT -m addrtype ! --dst-type UNICAST -j RETURN -ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_noproxy -j RETURN -ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_proxy -j MARK --set-mark $fwmark +for cg in ${cgroup_noproxy[@]}; do +ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j RETURN +done +for cg in ${cgroup_proxy[@]}; do +ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j MARK --set-mark $fwmark +done ip6tables -t mangle -A OUTPUT -j TPROXY_OUT ## allow to disable, order is important 
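Review bot: In cgroup-tproxy.sh the new loops in the @@ -136 hunk expand `${cgroup_noproxy[@]}` and `$cg` unquoted, so each configured path is word-split and glob-expanded before it reaches `--path`; the `${cgroup_proxy[@]}` loop and both `ip6tables` loops in the @@ -163 hunk have the same problem. Because the values come from the sourced config, a path containing whitespace or a glob character silently turns into different rules, and an empty `cgroup_noproxy` adds no RETURN rule at all, which with `cgroup_proxy="/"` would presumably mark the proxy's own traffic as well. Quote both expansions, `for cg in "${cgroup_noproxy[@]}"; do` and `--path "$cg"`, and check that every entry starts with `/` before the first rule is installed, so a bad value fails loudly instead of leaving a half-applied table. The loop bodies are also left unindented, which hides the nesting.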
@@ -199,8 +205,8 @@ ip6tables -t mangle -I TPROXY_PRE -m addrtype ! --src-type LOCAL -m conntrack -- ## message for user cat << DOC -noproxy cgroup: $cgroup_noproxy -proxied cgroup: $cgroup_proxy +noproxy cgroup: ${cgroup_noproxy[@]} +proxied cgroup: ${cgroup_proxy[@]} DOC diff --git a/readme.md b/readme.md index 1fe4305..8ef3a57 100644 --- a/readme.md +++ b/readme.md @@ -128,7 +128,9 @@ sudo systemctl restart cgproxy.service example: `cgnoproxy sudo v2ray -config config_file` - - passive way + example: `cgnoproxy qv2ray` + + - passive way, useful if you run v2ray as service set `cgroup_noproxy=""`