You can surely lock JR out of the internet if you double home YOUR computer.
Be sure to use different IP NETWORK addresses for your two nets; no bridging
here! One net goes to router and internet, while second net links JR's
computer with your computer. A problem arises if a third computer needs
internet access, and also possesses resources that JR must access.
Double homing become impractical if you are relying on wireless networking
in your home. In such case, you'll need a second wireless broadcasting
device, or "access point" to propagate the second network. Common wireless
routers can be implemented to serve in this role. But for the sake of
argument, I will assume your SOHO is wired, rather than wireless. You might
then have to pull some more ethernet wire, depending on the layout and
topology of your SOHO.
To resolve the "problem" mentioned in the first paragraph of my response,
you can double home the third computer, as well. Now your son can access
the third computer's shared resources, while still being blocked from
internet; i.e, blocked from the FIRST IP NETWORK, thanks to lack of routing
in YOUR computer and the THIRD computer. If your son is clever enough to
turn either of these two XP Pro computers into routers, then this plan falls
apart. This is theoretically possible, and the instructions to do this are
"available on the internet."
What's your son gonna do with internet access?? Build an atomic bomb?!
Ultimately, your strategy will boil down to your ability to keep passwords
away from JR's access. Be sure to password the "administrator" that is
accessible only while booting up into safe mode. My SON told me about that
one!
Configuring routers to block access boils down to keeping said router(s)
behind locked doors, because JR can press the reset button on any router.
Physical locking of passageways has its own hazardous implications.
)