I'm guessing the computer you added these rules to is connecting to the internet through a gateway/modem separate from the computer your son is using.
I looked at your StackExchange reference; did you verify the following files:
/etc/group
/home/username/.local/bin/no-internet
Note that in order for this to block access, programs have to be started like the example:
Code:
no-internet "firefox"
This doesn't seem too secure to me.
To block all user's access to the internet, leave the gateway address blank. That is only used to send packets "off-network".
Another way would be to add a firewall rule:
Code:
iptables -I OUTPUT ! -d 192.168.1.0/24 -j REJECT
Change 192.168.1.0/24 to your LAN network address CIDR.