There are a few ways to do that , depending on kernel/distro.
For Ubuntu-MATE the easiest way is using the firewall.
You can block network traffic based on user-id.
The terminal application to set this up is known as 'iptables'.
(Because unfortunately , the standard firewall-GUI (gufw/ufw) is, as far as I know, not advanced enough to accomplish this.)
Read the manual page because 'iptables' is very flexible and incredibly powerful, but that power is best harnessed if you know a thing or two about how it works.
This is what I found on linuxquestions.org
iptables -A OUTPUT -m owner --uid-owner 666 -j DROP
Ofcourse the '666' here should be replaced with the real user ID.
Also, this rule should be loaded every time at boot because iptable rules are not persistant. ( There are several ways to make it persistant though)
Best to read up on 'iptables' and 'ip6tables'
man ip6tables
It also might be a good idea to visit this site:
You might want to disable or uninstall 'ufw' and 'gufw' if you have it installed.
(ufw adds a bunch of extra firewall chains which could needlessly complicate the setup)
P.S. I am still wondering why ufw is so much more complicated than iptables while the name suggests otherwise.