This paper proposes a new approach that integrates the simplified firewall and the state-oriented smart card technologies to construct a controllable and accountable Internet access framework. A smart card program is state-oriented or a state machine, which accepts pre-defined events and performs state transitions. The communication states of a smart card program are defined such that only "authorized" surfing targets could exchange messages. A pre-defined Access Control List (ACL), stored in the card, is the definition of permit or deny access that applies to addresses and/or protocols. The acceptance or rejection message is determined by matching the card program state and the ACL. In addition, a complete surfing account for tracing back is recorded. It is a by-product of the smart card authentication.