How can I have it so ONLY the browser can have internet privileges in container?

I know sandboxie has that as an option in settings, how can I get Comodo to do the same thing?

Create a firewall rule to allow FF to access internet. You can go to tasks, firewall tasks, and click allow application.

FF and other browsers already have internet access, how do I have it to control in the sandbox what can or can’t?

you can make the firewall show popups by unchecking “Do not show popup alerts” in the firewall settings, allowing you to allow and block connections for apps running in the sandbox accordingly with the option to create a permanent rule when a popup shows.

You can create a block all firewall rule for the sandbox folder then create an allow rule your browser.

A. First create a file group for the sandboxed folder:

  1. Open settings → File Rating → File Groups
  2. Click add → New Group → Name it “Sandboxed Apps” or whatever you want
  3. Right click on your new group → Select Add - Folders → Select the sandbox folder "C:\VTRoot" * (Note the VTRoot folder is hidden so you will have to show hidden files in windows)

B. Now create a block rule for your newly created file group:

  1. Open settings → Firewall → Application Rules → Add
  2. Now select “Use Ruleset” → Blocked Application
  3. At the top right select browse → File Groups → Select Sandboxed Apps (or whatever you named your file group in section A)

C. Now create an allow rule for your browser:

  1. Open settings → Firewall → Application Rules → Add
  2. Now select “Use Ruleset” → Allowed Application
  3. In the “Name:” Box copy and paste the path to your browser in my case it was “C:\VTRoot\HarddiskVolume2\Program Files\Mozilla Firefox*”
  4. At the end of the file path add an asterisk “*” so all the subfolders will also be allowed.

NOTE: Make sure the allow rule is above the block rule in the application rules list.

If you have any problems/questions let me know